Package Metadata

Author: —
Email: "Rishabh Kundu, Van Tran, Redad Mehdi, Ethan Frakes, Abhishek Daundkar, Maliesha Sumudumalie, Vibha S. Mandayam, Jacob A. Lample, Mengjie Li, Laura S. Bruckman, Erika I. Barcelos, Alp Sehirlioglu, Roger H. French, Yinghui Wu" <[email protected]>
PyPI: OntoCheck
Python: >=3.8
Versions: 14 releases
First release: 28 Oct 2025, 20:47 UTC
Analysed: 05 Jun 2026, 17:28 UTC
Source files: 26 .py files scanned

Project Links

Classifiers

License :: Other/Proprietary LicenseOperating System :: OS IndependentProgramming Language :: Python :: 3Topic :: Scientific/Engineering

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package OntoCheck v0.0.7.0 exhibits low risks in terms of network, shell, obfuscation, and credential handling. However, the metadata risk due to the maintainer's new or inactive account and lack of detailed information warrants further investigation.

Low network, shell, obfuscation, and credential risks
Metadata risk due to insufficient maintainer details

Per-check LLM notes

Network: The network call patterns suggest legitimate HTTP HEAD and GET requests, possibly for checking URL availability or fetching resources.
Shell: No shell execution patterns were detected.
Obfuscation: No obfuscation patterns detected, indicating low risk.
Credentials: No credential harvesting patterns detected, indicating low risk.
Metadata: The maintainer has a new or inactive account and lacks detailed author information, which raises some suspicion but not conclusive evidence of malice.

🔬 Heuristic Checks

⚠ Outbound Network Calls score 3.0

Found 2 network call pattern(s)

try: response = requests.head(url, timeout=10) if response.status_code == 200:
IT 1'} response = requests.get(endpoint, params=params, timeout=10) if response

✓ Code Obfuscation

No obfuscation patterns detected

✓ Shell / Subprocess Execution

No shell execution patterns detected

✓ Credential Harvesting

No credential harvesting patterns detected

✓ Typosquatting

No typosquatting candidates detected

✓ Registered Email Domain

Email domain looks legitimate: case.edu>

✓ Suspicious Page Links

All external links appear legitimate

✓ Git Repository History

Repository cwru-sdle/OntoCheck appears legitimate

⚠ Maintainer History score 4.0

2 maintainer concern(s) found

Author name is missing or very short
Author "" appears to have only 1 package on PyPI (new or inactive account)

✓ Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with OntoCheck

Develop a scientific data validation tool using the Python package 'OntoCheck'. This tool will help researchers ensure their datasets conform to specific ontologies relevant to their field of study. The application should allow users to upload a CSV file containing their dataset and select an ontology from a predefined list. Upon submission, the tool will validate the dataset against the chosen ontology, highlighting any discrepancies or missing required fields.

Core Features:
1. User Interface: A simple web interface built using Flask or Django allowing users to upload a CSV file and select an ontology.
2. Ontology Selection: Predefined ontologies such as Gene Ontology (GO), Chemical Entities of Biological Interest (ChEBI), or any other relevant scientific domain-specific ontologies.
3. Data Validation: Utilize OntoCheck's task-based ontology assessment capabilities to validate the uploaded dataset against the selected ontology.
4. Result Presentation: Display a summary of the validation process, including a list of errors and warnings, and suggestions for correction if applicable.
5. Reporting: Generate a downloadable report detailing the validation results.

How OntoCheck is Utilized:
- Use OntoCheck to define tasks based on the selected ontology, ensuring that the dataset meets all specified criteria.
- Implement OntoCheck's assessment functions to check each entry in the uploaded CSV file against the defined ontology tasks.
- Leverage OntoCheck's ability to provide detailed feedback on why certain entries fail validation, aiding in the correction process.