AI Analysis
Final verdict: SAFE
The package appears to be primarily focused on video processing with FFmpeg and FFprobe, without evident malicious activities. While there are some concerns about low maintainer activity and potential shell risks, these do not strongly indicate a supply-chain attack.
- No signs of obfuscation or credential harvesting
- Low network risk associated with benign SVG checks
- Potential shell risk due to FFmpeg/FFprobe execution
Per-check LLM notes
- Network: The network call appears to be checking the content of an SVG image, which seems related to its functionality rather than malicious activity.
- Shell: Executing FFmpeg and FFprobe commands suggests the package is likely using these tools for video processing tasks, but it could potentially be exploited for unauthorized actions if not properly secured.
- Obfuscation: No obfuscation patterns detected, suggesting legitimate code practices.
- Credentials: No credential harvesting patterns detected, indicating safe handling of sensitive information.
- Metadata: The package shows signs of low maintainer activity and poor metadata quality, but there are no clear indicators of malicious intent.
Heuristic Checks
Outbound Network Calls
score 1.5
Found 1 network call pattern(s)
if cover_image and "<svg" in requests.get(cover_image, timeout=10).content.decode('latin_1').lower():
Code Obfuscation
No obfuscation patterns detected
Shell / Subprocess Execution
score 8.0
Found 4 shell execution pattern(s)
ailable""" try: subprocess.run([config.ffmpeg, '-version'], capture_output=True, check=True
ck=True, timeout=10) subprocess.run([config.ffprobe, '-version'], capture_output=True, check=Tru
st_ok=True) result = subprocess.run([ config.ffmpeg, '-f', 'lavfi', '-
try: subprocess.run(command, check=True, stdout=subprocess.PIPE, stderr=subproce
Credential Harvesting
No credential harvesting patterns detected
Typosquatting
No typosquatting candidates detected
Registered Email Domain
No author email provided
Suspicious Page Links
All external links appear legitimate
Git Repository History
No GitHub repository linked
No GitHub repository link found
Maintainer History
score 6.0
3 maintainer concern(s) found
- Author name is missing or very short
- Author "" appears to have only 1 package on PyPI (new or inactive account)
- Package has no PyPI classifiers (low effort / metadata quality)
Known CVE Vulnerabilities
No known vulnerabilities found in OSV database.
AI App Starter Prompt
Use this prompt to build a project with StashVideoHasherNode
Create a distributed video hashing system using the 'StashVideoHasherNode' Python package. This system will enable users to efficiently hash large video files for content identification purposes. The application should include the following core functionalities:
1. **Distributed Worker Nodes**: Set up multiple worker nodes capable of processing video hashes concurrently. Each node should leverage hardware acceleration via VAAPI, NVENC, or VideoToolbox for optimized performance.
2. **Centralized Job Queue**: Implement a centralized job queue to manage incoming video files for hashing. The queue should handle task distribution among available workers.
3. **User Interface**: Develop a simple web-based user interface allowing users to upload videos and monitor the progress of their hashing jobs.
4. **Database Integration**: Store hashed data and metadata about processed videos in a relational database such as PostgreSQL for easy querying and analysis.
5. **Error Handling and Logging**: Ensure robust error handling and logging mechanisms to track any issues during the hashing process.
6. **Security Measures**: Incorporate basic security measures such as authentication for accessing the user interface and encryption for stored data.
7. **Performance Monitoring**: Include tools or scripts to monitor the performance of each worker node and the overall system efficiency.
The 'StashVideoHasherNode' package will be utilized to perform the actual hashing operations on video files. It supports various hardware accelerations which significantly speed up the hashing process. Your task is to integrate this package into your distributed system architecture effectively while ensuring scalability and reliability.