AI Analysis
Final verdict: SUSPICIOUS
The package has moderate network risk due to external server communication, but low risks in other categories. The new or inactive maintainer and lack of community engagement raise additional concerns, warranting further investigation before use.
- Moderate network risk
- Inactive or new maintainer
- Lack of community engagement
Per-check LLM notes
- Network: The network calls indicate the package communicates with external servers which could be legitimate for functionality but also raises concerns about data privacy and potential misuse.
- Shell: No shell execution patterns detected, suggesting low risk for direct system command injection or execution.
- Obfuscation: No obfuscation patterns detected, indicating low risk.
- Credentials: No credential harvesting patterns detected, indicating low risk.
- Metadata: The maintainer seems new or inactive, and the repository lacks community engagement, raising some concerns but not definitive signs of malice.
Heuristic Checks
Outbound Network Calls
score 9.0
Found 6 network call pattern(s)
turn False response = requests.get( f"{self.portal_url}/sdk/check_test/",str, Any]: response = requests.get( f"{self.portal_url}/computableModel/ModelInfo_nturn False response = requests.get( f"{self.manager_url}/GeoModeling/task/verify/{mas fh: response = requests.post( f"{self.data_url}/data/", f.{suffix}" response = requests.get(url, timeout=120) response.raise_for_status()} response = requests.post( f"{cfg.dify_base_url.rstrip('/')}/workflows/run
Code Obfuscation
No obfuscation patterns detected
Shell / Subprocess Execution
No shell execution patterns detected
Credential Harvesting
No credential harvesting patterns detected
Typosquatting
No typosquatting candidates detected
Registered Email Domain
Email domain looks legitimate: nnu.edu.cn
Suspicious Page Links
All external links appear legitimate
Git Repository History
score 2.5
Git history flags: Repository has zero stars and zero forks
Repository has zero stars and zero forks
Maintainer History
score 2.0
1 maintainer concern(s) found
Author "Peilong Ma" appears to have only 1 package on PyPI (new or inactive account)
Known CVE Vulnerabilities
No known vulnerabilities found in OSV database.
AI App Starter Prompt
Use this prompt to build a project with PyGeoModel
Create a geospatial data explorer app using Python and the PyGeoModel package. This app will allow users to interactively explore various geographic models provided by the OpenGMS platform. Your task is to develop a user-friendly interface where users can select different geographic regions and visualize corresponding models, including but not limited to terrain elevation, land use, and climate zones. The app should also enable users to download selected model data for further analysis. Hereβs a detailed breakdown of the requirements: 1. **User Interface Design**: Design a clean and intuitive UI using a framework like Tkinter or PyQt. The UI should include options for selecting geographic regions and models. 2. **Integration with PyGeoModel**: Use PyGeoModel to fetch geographic model data from the OpenGMS API. Ensure that you handle authentication if required by the API. 3. **Data Visualization**: Implement a feature to visualize the fetched geographic models on a map. Libraries like Matplotlib or GeoPandas can be used for this purpose. 4. **Download Functionality**: Allow users to download the selected model data in formats such as CSV or shapefiles. 5. **Error Handling**: Implement robust error handling to manage issues like network errors, invalid inputs, etc. 6. **Documentation**: Provide comprehensive documentation explaining how to install dependencies, run the app, and interpret the visualizations. Suggested Features: - Support for multiple geographic models per region. - Interactive zoom and pan functionality on the map. - Tooltip information for each model displayed when hovering over specific areas. - Option to overlay multiple models on the same map for comparative analysis. Remember to utilize PyGeoModel effectively throughout the development process to ensure seamless integration with the OpenGMS services.