AI Analysis
Final verdict: SUSPICIOUS
The package shows signs of being newly created with unusual metadata and potential credential harvesting, indicating moderate risk. Further investigation is needed.
- Metadata risk (7/10) due to unusual commit patterns and limited author activity.
- Potential credential harvesting (5/10) which may indicate malicious intent.
Per-check LLM notes
- Network: No network calls detected, which is low risk.
- Shell: Shell execution patterns suggest the package might be executing scripts or commands, which could be legitimate but warrants further investigation to ensure it's not being used maliciously.
- Obfuscation: No obfuscation patterns detected.
- Credentials: The code pattern indicates potential credential harvesting, but it may also be a legitimate use of keyring for storing and retrieving credentials securely.
- Metadata: The package shows signs of being newly created with unusual commit patterns and an author with limited activity, indicating potential risk.
Heuristic Checks
Outbound Network Calls
No suspicious network call patterns found
Code Obfuscation
No obfuscation patterns detected
Shell / Subprocess Execution
score 8.0
Found 4 shell execution pattern(s)
- ) try: result = subprocess.run( ["powershell", "-NoProfile", "-Command", scrip
- , str]: result = subprocess.run( [str(python_executable), "-c", self._packa
- on = None result = subprocess.run( [str(python_executable), "-c", self._package_v
- try: subprocess.Popen( [ str(self.selected_i
Credential Harvesting
score 2.5
Found 1 credential access pattern(s)
return None token = keyring.get_password(self.service_name, self._key(provider, account)) if
Typosquatting
No typosquatting candidates detected
Registered Email Domain
Email domain looks legitimate: gmail.com
Suspicious Page Links
All external links appear legitimate
Git Repository History
score 5.0
Git history flags:
- Repository has zero stars and zero forks
- All 5 commits happened within 24 hours
Maintainer History
score 4.0
2 maintainer concern(s) found
- Author name is missing or very short
- Author "" appears to have only 1 package on PyPI (new or inactive account)
Known CVE Vulnerabilities
No known vulnerabilities found in OSV database.
AI App Starter Prompt
Use this prompt to build a project with Orange3-CanvasAgent
Create a mini-application using the 'Orange3-CanvasAgent' package that allows users to interactively design and manage machine learning workflows with version control capabilities. The application should enable users to create, modify, and commit changes to their workflows, with the ability to revert to previous versions if needed. Here's a detailed breakdown of the steps and features:

1. **Setup Environment**: Ensure your development environment is set up with Python and the latest version of the 'Orange3-CanvasAgent' package installed.
2. **User Interface**: Design a simple yet intuitive user interface where users can drag-and-drop various machine learning components (e.g., data sources, preprocessing tools, model training modules) onto a canvas to build their workflows.
3. **Version Control**: Implement a feature within the application that allows users to save different versions of their workflow as they make changes. Each commit should be labeled with a description and timestamp.
4. **Reversible Commits**: Utilize the 'Orange3-CanvasAgent' package's unique feature to allow users to revert to any previous committed state seamlessly. This should be accessible through a history tab or similar interface element.
5. **Interactive Learning**: Integrate real-time feedback mechanisms so that as users modify their workflows, they receive immediate performance metrics and visualizations based on the current configuration.
6. **Documentation and Help**: Provide comprehensive documentation and tooltips throughout the application to guide users through the process of building and managing their machine learning workflows effectively.
7. **Testing and Validation**: Before releasing the application, thoroughly test all functionalities to ensure stability and usability. Pay special attention to the version control and commit/revert processes.
8. **Deployment**: Once validated, deploy the application either as a standalone desktop application or as a web-based tool accessible via a browser.

This project aims to bridge the gap between interactive machine learning design and robust version management, making it easier for both beginners and experienced users to experiment and refine their workflows with confidence.