Sacroviewer

v0.2.0 suspicious
4.0
Medium Risk

A viewer for research outputs produced using the ACRO tools

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package has moderate risks due to shell execution for asset compilation, which increases the likelihood of misconfiguration or abuse. Despite this, there is no clear indication of malicious intent.

  • Shell risk due to npm compilation
  • Low effort and potential lack of transparency

Per-check LLM notes
  • Network: No network calls detected.
  • Shell: Shell execution is used to compile assets with npm, which could be legitimate for building front-end components but increases risk due to potential misconfiguration or abuse.
  • Obfuscation: No obfuscation patterns detected, indicating low risk of malicious intent.
  • Credentials: No credential harvesting patterns detected, suggesting safe handling of sensitive information.
  • Metadata: The package shows signs of low effort and potential lack of transparency, but there's no concrete evidence of malicious intent.

🔬 Heuristic Checks

Outbound Network Calls

No suspicious network call patterns found

Code Obfuscation

No obfuscation patterns detected

Shell / Subprocess Execution score 8.0

Found 4 shell execution pattern(s)

  • file=sys.stderr) subprocess.check_call("npm install", shell=True) print("Compiling ass
  • file=sys.stderr) subprocess.check_call("npm run build", shell=True) if os.path.exists(dest
  • ess.check_call("npm install", shell=True) print("Compiling assets with npm...", file=sy
  • s.check_call("npm run build", shell=True) if os.path.exists(dest_dir): shutil.r

Credential Harvesting

No credential harvesting patterns detected

Typosquatting

No typosquatting candidates detected

Registered Email Domain

Email domain looks legitimate: uwe.ac.uk

Suspicious Page Links

All external links appear legitimate

Git Repository History

Repository AI-SDC/SACRO-Viewer appears legitimate

Maintainer History score 8.0

4 maintainer concern(s) found

  • Only one version has ever been released — brand new package
  • Author name is missing or very short
  • Author "" appears to have only 1 package on PyPI (new or inactive account)
  • Package has no PyPI classifiers (low effort / metadata quality)

Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with Sacroviewer
Create a research visualization tool called 'SacroVis' using the Python package 'Sacroviewer'. This tool will enable researchers to easily visualize and analyze their outputs generated using the ACRO tools. Here’s a detailed plan on how to develop this mini-application:

1. **Setup Environment**: Begin by setting up a Python virtual environment and installing the necessary packages including Sacroviewer.
2. **Data Input**: Design a user-friendly interface where users can upload their research output files compatible with ACRO tools.
3. **Visualization**: Utilize Sacroviewer’s core functionalities to render the uploaded data into visual formats such as graphs, charts, and heatmaps. Ensure these visualizations are interactive and allow zooming, panning, and hovering over data points for more information.
4. **Analysis Tools**: Implement basic analysis tools within the application. For example, include options for filtering data based on specific criteria, calculating statistics like mean, median, mode, and standard deviation, and exporting visualizations as images or PDFs.
5. **Customization Options**: Allow users to customize the appearance of their visualizations, such as changing colors, fonts, and layout settings.
6. **Integration with Other Tools**: If possible, integrate SacroVis with other popular research tools or platforms to enhance its utility.
7. **Documentation and Help**: Provide comprehensive documentation and a help section within the application to guide users through its features and functionalities.

This project aims to streamline the process of visualizing complex research data, making it accessible and understandable for all levels of researchers.