AI Analysis
Final verdict: SUSPICIOUS
The package exhibits a moderate level of risk due to its high shell execution risk and network risk, which could potentially indicate malicious intent or vulnerabilities.
- High shell execution risk
- Moderate network risk
Per-check LLM notes
- Network: Network calls could be legitimate if the package requires API interactions, but unusual endpoints or patterns may indicate data exfiltration.
- Shell: Shell execution is risky and can be indicative of command injection vulnerabilities or malicious behavior, especially without clear documentation or purpose.
- Obfuscation: No obfuscation patterns detected, indicating low risk of malicious obfuscation.
- Credentials: No credential harvesting patterns detected, indicating low risk of malicious credential theft.
- Metadata: Low activity and metadata quality suggest potential low effort or inactivity, but not conclusive evidence of malice.
Heuristic Checks
Outbound Network Calls
score 4.5
Found 3 network call pattern(s)
- 1 response = requests.post( self.get_endpoint(), data = data, files
- HANNEL_ID response = requests.get(self.url, params=self.params) if response.status_co
- che"): self.session = httpx.Client( timeout=httpx.Timeout(30), headers=headers, ver
Code Obfuscation
No obfuscation patterns detected
Shell / Subprocess Execution
score 6.0
Found 3 shell execution pattern(s)
- try: result = subprocess.run(command, capture_output=True, text=True, check=True)
- try: result = subprocess.run(command, capture_output=True, check=True, timeout=20)
- ] try: subprocess.run(command, capture_output=True, check=True) if not
Credential Harvesting
No credential harvesting patterns detected
Typosquatting
No typosquatting candidates detected
Registered Email Domain
No author email provided
Suspicious Page Links
All external links appear legitimate
Git Repository History
Repository 31December99/Unit3Dup appears legitimate
Maintainer History
score 4.0
2 maintainer concern(s) found
- Author "Parzival" appears to have only 1 package on PyPI (new or inactive account)
- Package has no PyPI classifiers (low effort / metadata quality)
Known CVE Vulnerabilities
No known vulnerabilities found in OSV database.
AI App Starter Prompt
Use this prompt to build a project with Unit3Dup
Create a fully-functional mini-application named 'TorrentTrackerUploader' using the Python package 'Unit3Dup', which is specifically designed to upload torrents to the Unit3D tracker. Your application should have a user-friendly interface and must include the following functionalities:
1. User Authentication: Allow users to sign in or register on the Unit3D tracker through your application. Ensure that the application securely handles user credentials.
2. Torrent Upload: Enable users to select a torrent file from their local machine and upload it to the Unit3D tracker via the 'Unit3Dup' package. Include options for specifying additional details such as category, tags, and description.
3. Upload Status Tracking: Implement a feature that allows users to track the status of their uploaded torrents, including any errors or completion notifications.
4. Optional Features:
- A search function to find torrents already uploaded by the user.
- Integration with a simple UI framework like Tkinter or PyQt5 for a desktop application experience.
- Support for command-line usage for those preferring non-GUI environments.
The application should utilize the 'Unit3Dup' package to handle all interactions with the Unit3D tracker, ensuring that all uploads are processed efficiently and securely. Additionally, document your code thoroughly and provide clear instructions for installing and running your application.