AI Analysis
Final verdict: SUSPICIOUS
The package shows moderate risk due to potential typosquatting and high shell risk from insecure subprocess usage, despite no direct evidence of malicious intent or credential harvesting.
- Potential typosquatting targeting 'toml'
- High risk associated with shell=True in subprocess calls
Per-check LLM notes
- Network: The network calls appear to be legitimate API interactions, possibly for fetching academic references or metadata.
- Shell: The use of `os.system` and `subprocess.check_output` with `shell=True` can pose significant security risks, potentially allowing for arbitrary command execution.
- Obfuscation: No obfuscation patterns detected, indicating low risk.
- Credentials: No credential harvesting patterns detected, indicating low risk.
- Metadata: The package name is close to a common Python package, and the maintainer has only one package, which raises some suspicion.
- ⚠ Typosquatting target: toml
Heuristic Checks
Outbound Network Calls
score 7.5
Found 5 network call pattern(s)
- import requests data = requests.get(f"http://api.crossref.org/works/{doi}").text if data ==
- mport requests citedby = requests.get(f"http://api.crossref.org/works?query.title={title}").text
- (query_strings) citedby = requests.get(f"http://api.crossref.org/works?{query_string}").text #
- import requests return requests.get(f"https://abbreviso.toolforge.org/a/{journal}").text.replace
- n ...") self.client = paramiko.SSHClient() self.client.set_missing_host_key_policy(paramiko.A
Code Obfuscation
No obfuscation patterns detected
Shell / Subprocess Execution
score 10.0
Found 6 shell execution pattern(s)
- in Word. """ os.system(f"open {self.file}") program_references = { "ams": [
- ess.check_output`` with the ``shell=True`` argument enabled. """ try: ou
- ut = sp.check_output(command, shell=True).decode() return output except sp.Calle
- cwd=runfile_dir, stdout=out, shell=True) def add_preamble(self, line: str): """
- lf.run_directory, stdout=out, shell=True) return self.__load_return() def __load_retur
- e {",".join(ignored_codes)}', shell=True, stdout=sp.PIPE, stderr=sp.PIPE) # if the ruff check fa
Credential Harvesting
No credential harvesting patterns detected
Typosquatting
score 3.0
Possible typosquat of: toml
"TCMU" is 2 edit(s) from "toml"
Registered Email Domain
No author email provided
Suspicious Page Links
All external links appear legitimate
Git Repository History
No GitHub repository linked
No GitHub repository link found
Maintainer History
score 2.0
1 maintainer concern(s) found
Author "TheoCheM group" appears to have only 1 package on PyPI (new or inactive account)
Known CVE Vulnerabilities
No known vulnerabilities found in OSV database.
AI App Starter Prompt
Use this prompt to build a project with TCMU
Create a mini-application called 'TCMU Explorer' that leverages the TCMU package to facilitate the analysis and visualization of molecular dynamics simulations from AMS/ADF calculations. This application should enable users to load simulation data, visualize molecular structures, and perform basic analysis such as calculating energy levels over time, identifying critical transition states, and generating plots for key parameters like temperature and pressure.

Key Features:
1. **Data Importation**: Users should be able to import simulation data files generated by AMS/ADF into the application. The application should support common file formats used in theoretical chemistry.
2. **Visualization**: Implement a feature to visualize molecular structures in 3D space based on the imported data. Users should be able to rotate, zoom, and pan the view to explore different angles of the molecule.
3. **Energy Analysis**: Calculate and plot the total energy levels over time for the molecules in the simulation. Identify and mark any significant changes or transitions in the energy profile.
4. **Transition State Identification**: Automatically detect potential transition states within the simulation data by analyzing changes in energy levels and molecular configurations.
5. **Parameter Plotting**: Allow users to select specific parameters (e.g., temperature, pressure) and generate line graphs or scatter plots showing how these parameters change over the course of the simulation.
6. **Report Generation**: Provide an option to export analysis results and visualizations as a report in PDF format, including annotated images and tables summarizing key findings.

Utilization of TCMU Package:
- Use TCMU to parse and manipulate the raw data from AMS/ADF simulations. Specifically, utilize functions provided by TCMU to extract relevant information such as molecular coordinates, energies, and other parameters necessary for analysis and visualization.
- Leverage TCMU's integration with PLAMS for handling complex workflows and automating repetitive tasks related to data processing and analysis.
- Employ TCMU's specialized utilities for advanced chemical calculations, ensuring accurate and reliable results for all analytical operations performed by the application.