VIStk

v0.5.2 suspicious
4.0
Medium Risk

Visual Interfacing Structure for python using tkinter

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package exhibits some suspicious behaviors including dynamic module imports and subprocess calls that might be used for hiding actions or executing scripts. However, it does not show any clear signs of credential harvesting or network abuse.

  • High obfuscation risk due to dynamic module imports
  • Potential shell risk from subprocess calls
Per-check LLM notes
  • Network: No network calls detected, which is normal unless the package requires internet access.
  • Shell: Subprocess calls to modify file attributes and permissions may indicate an attempt to hide files or make scripts executable, warranting further investigation.
  • Obfuscation: The code pattern suggests an attempt to dynamically import modules, which could be used for evasion techniques.
  • Credentials: No clear evidence of credential harvesting is present.
  • Metadata: The package shows signs of being potentially new or inactive, with no maintainer history and an unverified author.

🔬 Heuristic Checks

Outbound Network Calls

No suspicious network call patterns found

Code Obfuscation score 2.0

Found 1 obfuscation pattern(s)

  • try: mod = __import__(pkg) resolved.append((pkg, os.path.dirname(mod._
Shell / Subprocess Execution score 10.0

Found 6 shell execution pattern(s)

  • f.writelines(lines) subprocess.call(f"chmod +x {os.path.join(platformdirs.user_desktop_path(),na
  • .endswith(".sh"): subprocess.call(f"chmod +x {os.path.join(location,file)}", shell=True) def
  • .platform == "win32": subprocess.call(["attrib", "+h", vis_dir], stdout=su
  • r=subprocess.DEVNULL) subprocess.call(["attrib", "+h", runtime_dir], stdou
  • tr(exe)): subprocess.Popen([str(exe)], cwd=str(location)) root.destroy()
  • uninstaller.exists(): subprocess.Popen([str(uninstaller)], cwd=str(inst_dir)) else: fro
Credential Harvesting

No credential harvesting patterns detected

Typosquatting

No typosquatting candidates detected

Registered Email Domain

Email domain looks legitimate: gmail.com>

Suspicious Page Links

All external links appear legitimate

Git Repository History score 2.5

Git history flags: Repository has zero stars and zero forks

  • Repository has zero stars and zero forks
Maintainer History score 4.0

2 maintainer concern(s) found

  • Author name is missing or very short
  • Author "" appears to have only 1 package on PyPI (new or inactive account)
Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with VIStk 
Create a fully-functional mini-app that acts as a simple task manager using the Python package 'VIStk'. This app should allow users to add tasks with descriptions, set due dates, mark tasks as completed, and delete tasks. Additionally, include features such as filtering tasks by completion status or due date, and exporting the current task list to a CSV file. Use 'VIStk' to handle all graphical user interface elements, ensuring a clean and intuitive design. Explain how you utilize 'VIStk' for each major feature of the application.