OVAPortableText

v0.4.0 suspicious
4.0
Medium Risk

Python builder for generating OVAPortableText / Report Profile v1 JSON documents

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package has some minor risks associated with shell execution and metadata, but there are no significant signs of malicious activity. However, the maintainer's limited presence and lack of a GitHub repository warrant further investigation.

  • Shell execution risk
  • Maintainer has only one package and no GitHub repository

Per-check LLM notes
  • Network: No network calls detected, which is normal unless the package is designed to communicate with external services.
  • Shell: Shell execution might be intended for running examples or tests but should be reviewed for proper context and permissions.
  • Obfuscation: No obfuscation patterns detected, indicating low risk.
  • Credentials: No credential harvesting patterns detected, indicating low risk.
  • Metadata: The maintainer has only one package and no GitHub repository, which may indicate a less experienced or potentially suspicious actor.

🔬 Heuristic Checks

Outbound Network Calls

No suspicious network call patterns found

Code Obfuscation

No obfuscation patterns detected

Shell / Subprocess Execution score 2.0

Found 1 shell execution pattern(s)

  • in EXAMPLES: result = subprocess.run( [sys.executable, str(example)], cwd

Credential Harvesting

No credential harvesting patterns detected

Typosquatting

No typosquatting candidates detected

Registered Email Domain

No author email provided

Suspicious Page Links

All external links appear legitimate

Git Repository History

No GitHub repository linked

  • No GitHub repository link found

Maintainer History score 2.0

1 maintainer concern(s) found

  • Author "FENG QU" appears to have only 1 package on PyPI (new or inactive account)

Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with OVAPortableText
Create a Python-based utility named 'ReportGenerator' that leverages the 'OVAPortableText' package to generate structured report profiles in JSON format. This utility will allow users to input various data points such as title, sections, subsections, images, and other metadata directly through command line arguments or a simple GUI interface. The utility should validate user inputs to ensure they conform to the specifications required by the OVAPortableText standard for Report Profile v1 documents.

Core Features:
1. User Input Interface: Develop a command-line interface (CLI) where users can specify report details like title, author, publication date, etc., and also upload images and files related to the report.
2. Data Validation: Implement validation checks to ensure all necessary fields are filled out correctly according to the OVAPortableText schema before proceeding to generate the report profile.
3. Report Generation: Use the 'OVAPortableText' package to build the JSON document based on user inputs. Ensure that the generated JSON adheres strictly to the Report Profile v1 specification.
4. Output Options: Provide options for users to either save the generated JSON file locally or send it directly to a specified API endpoint for further processing.
5. Error Handling: Include robust error handling mechanisms to manage potential issues during data entry or generation processes, providing clear feedback to the user.

The 'OVAPortableText' package plays a crucial role in this utility by facilitating the creation of compliant JSON documents. Users will benefit from this tool by being able to easily produce standardized reports without needing deep knowledge of the underlying JSON structure.