PayPerTranscript

v0.4.0 suspicious
6.0
Medium Risk

Open-source voice-to-text with pay-per-use pricing

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package has a moderate risk score due to potential credential misuse and lack of repository evidence. While there's no direct evidence of malicious intent, the combination of factors raises concerns about possible supply-chain compromise.

  • Medium credential risk due to keyring usage
  • No associated repository found

Per-check LLM notes

  • Obfuscation: No obfuscation patterns detected in the code.
  • Credentials: The code retrieves secrets from keyring which could be used for legitimate purposes but also poses a risk of credential harvesting if misused.
  • Metadata: The repository is not found and the maintainer has only one package, which may indicate suspicious activity.

🔬 Heuristic Checks

Outbound Network Calls score 7.5

Found 5 network call pattern(s)

  • rn.""" try: req = urllib.request.Request( url, headers={
  • }, ) with urllib.request.urlopen(req, timeout=TIMEOUT) as resp: return js
  • ut.""" try: req = urllib.request.Request(PYPI_URL, headers={"Accept": "application/json"})
  • lication/json"}) with urllib.request.urlopen(req, timeout=TIMEOUT) as resp: data = js
  • ormat) self._client = httpx.Client(timeout=timeout_seconds) log.info("ElevenLabsSTTProv

Code Obfuscation

No obfuscation patterns detected

Shell / Subprocess Execution score 6.0

Found 3 shell execution pattern(s)

  • """ try: result = subprocess.run( [ sys.executable,
  • cript") if entry: subprocess.Popen([entry]) else: subprocess.Popen([sys.executable,
  • en([entry]) else: subprocess.Popen([sys.executable, "-m", "paypertranscript"]) log.info("Ap

Credential Harvesting score 2.5

Found 1 credential access pattern(s)

  • n accounts: key = keyring.get_password(KEYRING_SERVICE, account) if key:

Typosquatting

No typosquatting candidates detected

Registered Email Domain

No author email provided

Suspicious Page Links

All external links appear legitimate

Git Repository History score 3.0

Repository not found (deleted or private)

  • Repository not found (deleted or private)

Maintainer History score 2.0

1 maintainer concern(s) found

  • Author "PayPerTranscript Contributors" appears to have only 1 package on PyPI (new or inactive account)

Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with PayPerTranscript

Create a fully-functional mini-app called 'Speech2Note' which leverages the 'PayPerTranscript' package to provide users with a convenient way to transcribe their audio files into text notes. This app should have a simple and intuitive user interface where users can upload an audio file, select a language, and receive a transcription of the audio content within seconds. The app will charge users based on the duration of the audio file, following the pay-per-use pricing model provided by the 'PayPerTranscript' service.

Key Features:
1. User-friendly interface for uploading audio files.
2. Automatic detection and selection of the correct language for transcription.
3. Real-time cost estimation based on the audio file's duration.
4. Secure payment processing for the transcription service using a popular payment gateway API.
5. Email notification to users once the transcription is complete and ready for download.
6. Option to save transcriptions directly to a cloud storage service like Google Drive or Dropbox.

Utilization of 'PayPerTranscript':
- Integrate 'PayPerTranscript' as the core voice-to-text engine. Use its API to process uploaded audio files and generate text transcripts.
- Implement the pay-per-use pricing model provided by 'PayPerTranscript', calculating costs based on the duration of the audio file.
- Handle billing and payments through integration with a payment gateway, ensuring secure transactions and accurate billing according to 'PayPerTranscript's pricing structure.