TTS-ka

v1.9.0 suspicious
6.0
Medium Risk

Ultra-fast CLI TTS for Georgian, Russian, and English (edge-tts): smart chunking, optional streaming, clipboard, dependency checker, and optional tkinter GUI.

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package exhibits significant risks related to shell execution and obfuscation techniques, raising concerns about its true intentions. However, there is no clear evidence of credential harvesting or supply-chain attacks.

  • High shell risk indicating potential for command execution
  • Obfuscation through dynamic imports suggesting hidden functionalities
Per-check LLM notes
  • Network: The network pattern detected seems to be a local connection attempt, which might be benign if the package is designed to communicate with a local service.
  • Shell: The presence of shell execution patterns is concerning and suggests potential for executing arbitrary commands, which could indicate malicious intent.
  • Obfuscation: The use of dynamic imports with __import__ is suspicious and often used to obfuscate code.
  • Credentials: No clear patterns of credential harvesting were detected.
  • Metadata: The package shows some red flags such as an author with missing details and a new/inactive maintainer account, but no clear evidence of typosquatting or other malicious intent.

🔬 Heuristic Checks

Outbound Network Calls score 3.0

Found 2 network call pattern(s)

  • try: return socket.create_connection(("127.0.0.1", port), timeout=0.25) except OSError:
  • NNECT) _http_client = httpx.AsyncClient(limits=limits, timeout=timeout) return _http_client #
Code Obfuscation score 6.0

Found 3 obfuscation pattern(s)

  • try: __import__(f"TTS_ka.{module_name}") except ImportError as e: print(
  • S_ka.constants"]: __import__(mod) def test_module_attributes(self): import impor
  • ynths_pending. gate = __import__("asyncio").Event() async def slow(text, lang, output, *, voic
Shell / Subprocess Execution score 10.0

Found 6 shell execution pattern(s)

  • turn the line numbers of any `os.system(...)` calls in *source*.""" tree = ast.parse(source)
  • """Static guarantee: zero `os.system(...)` calls anywhere under src/TTS_ka/.""" offending: li
  • offending == [], ( f"os.system(...) calls found (BUG-4): " + ", ".join(f"{p}:{lines
  • ) try: r = subprocess.run( [exe, "-version"], capture_output=T
  • try: result = subprocess.run(argv, shell=False, check=False) rc = result.
  • _new_session"] = True subprocess.Popen(argv, **kwargs) return True except (OSError, Val
Credential Harvesting

No credential harvesting patterns detected

Typosquatting

No typosquatting candidates detected

Registered Email Domain

Email domain looks legitimate: gmail.com>

Suspicious Page Links

All external links appear legitimate

Git Repository History score 2.5

Git history flags: Repository has zero stars and zero forks

  • Repository has zero stars and zero forks
Maintainer History score 4.0

2 maintainer concern(s) found

  • Author name is missing or very short
  • Author "" appears to have only 1 package on PyPI (new or inactive account)
Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with TTS-ka 
Create a cross-platform desktop application named 'TextToSpeechPro' using Python and the TTS-ka package. This application will serve as a versatile text-to-speech tool, supporting Georgian, Russian, and English languages. The app should allow users to input text manually or copy from the clipboard, choose the desired language and voice, and then convert the text into speech. Additionally, the application should feature an intuitive graphical user interface (GUI) built with Tkinter, making it easy for users to interact with the TTS functionality. Here are the steps and features you need to implement:

1. **Setup**: Begin by installing TTS-ka and its dependencies. Use the TTS-ka package's smart chunking feature to handle large texts efficiently.
2. **User Interface**: Design a simple yet functional GUI using Tkinter. Include fields for text input, a dropdown menu for selecting the language, and a button to start the conversion process.
3. **Clipboard Support**: Implement a feature that allows users to paste text directly from their clipboard into the text input field.
4. **Voice Selection**: Provide options for users to select different voices for each supported language. Ensure that these voices are pre-configured within the TTS-ka settings.
5. **Streaming Option**: Offer an option for users to stream the output audio instead of downloading it, which can be useful for long texts.
6. **Dependency Checker**: Integrate TTS-ka's dependency checker to ensure all necessary components are installed before running the application.
7. **Optional Features**: Consider adding features like saving the output audio file, adjusting playback speed, and allowing users to customize the GUI theme.
8. **Testing**: Thoroughly test the application on multiple platforms (Windows, macOS, Linux) to ensure compatibility and functionality.
9. **Documentation**: Write comprehensive documentation explaining how to install and use the application, including troubleshooting tips.

By following these guidelines, you'll create a robust, user-friendly text-to-speech application that leverages the powerful capabilities of the TTS-ka package.