AI Analysis
Final verdict: SUSPICIOUS
The package exhibits some unusual practices such as the use of eval and compile, which significantly increase the risk of code injection or obfuscation. However, it does not pose an immediate threat based on current evidence.
- High obfuscation risk due to use of eval and compile
- Unusual shell execution that requires further investigation
Per-check LLM notes
- Network: No network calls detected, which is normal for a text conversion tool.
- Shell: The presence of shell execution checks might be unusual but could be related to handling different operating systems. Further investigation is needed.
- Obfuscation: The use of eval and compile with dynamic execution suggests potential for code injection or obfuscation, indicating a higher risk.
- Credentials: No clear patterns indicative of credential harvesting were detected.
- Metadata: The presence of non-HTTPS links is concerning but the maintainer has multiple authors and there are no other suspicious flags.
Heuristic Checks
Outbound Network Calls
No suspicious network call patterns found
Code Obfuscation
score 6.0
Found 3 obfuscation pattern(s)
"] ) CAN_PASS_EMPTY_ENV = eval(child.output) # Check if this platform can unset environmeiron)"] ) CAN_UNSET_ENV = eval(child.output) # Checks if we should test with an empty filtra_cmd=extra_cmd) code = compile(txt, setup_py, "exec") exec(code, {"SDist": SDist}) from __future__ import
Shell / Subprocess Execution
score 6.0
Found 3 shell execution pattern(s)
xit_code: the result value of os.system(command). """ if os.name == 'nt': # On Windows, os.EXITSTATUS() doesn't work and os.system() returns # the argument to exit() directly. returnatus # from the result of os.system(). if os.WIFEXITED(exit_code): return os.WEXITSTAT
Credential Harvesting
No credential harvesting patterns detected
Typosquatting
score 3.0
Possible typosquat of: openai
"OpenCC" is 2 edit(s) from "openai"
Registered Email Domain
Email domain looks legitimate: gmail.com
Suspicious Page Links
score 10.0
Found 6 suspicious link(s) on the package page
Non-HTTPS external link: http://code.google.com/p/libgooglepinyin/
Non-HTTPS external link: http://www.byvoid.com/
Non-HTTPS external link: http://kanru.info/
Non-HTTPS external link: http://jjgod.org/
Non-HTTPS external link: http://home.mno2.org/
Non-HTTPS external link: http://mscdex.net
Git Repository History
Repository BYVoid/OpenCC appears legitimate
Maintainer History
score 2.0
1 maintainer concern(s) found
Author "Carbo Kuo, Peng Huang, Kefu Chai, LI Daobing, Asias, Peng Wu, Xiaojun Ma, 佛振" appears to have only 1 package on PyPI (new or inactive account)
Known CVE Vulnerabilities
No known vulnerabilities found in OSV database.
AI App Starter Prompt
Use this prompt to build a project with OpenCC
Create a user-friendly web application using Python's Flask framework and the OpenCC package to facilitate seamless conversion between Traditional and Simplified Chinese. This application will allow users to input text in either script and instantly receive the converted version of their text. Additionally, implement features such as automatic script detection, history tracking for previous conversions, and an option to save frequently used phrases. Ensure the UI design is intuitive and accessible, providing clear instructions on how to use the converter. Use OpenCC to handle all the script conversion logic within your backend code.