AI Analysis
Final verdict: SUSPICIOUS
The package shows some unusual characteristics that warrant further investigation, particularly regarding metadata and network calls.
- Suspicious non-HTTPS links in the package description
- New maintainer account with limited history
Per-check LLM notes
- Network: Network calls are likely for fetching dictionary data from an external source, which is expected behavior for a dictionary application.
- Shell: No shell execution patterns detected, indicating no immediate risk related to executing system commands.
- Obfuscation: No obfuscation patterns detected, indicating low risk.
- Credentials: No credential harvesting patterns detected, indicating low risk.
- Metadata: Suspicious non-HTTPS links and a new maintainer account suggest potential risks, but insufficient evidence for high suspicion.
Heuristic Checks
Outbound Network Calls
score 3.0
Found 2 network call pattern(s)
- try: async with httpx.AsyncClient() as client: resp = await client.get(self.se
- try: async with httpx.AsyncClient() as client: resp = await client.get(url, he
Code Obfuscation
No obfuscation patterns detected
Shell / Subprocess Execution
No shell execution patterns detected
Credential Harvesting
No credential harvesting patterns detected
Typosquatting
No typosquatting candidates detected
Registered Email Domain
No author email provided
Suspicious Page Links
score 6.0
Found 3 suspicious link(s) on the package page
- Non-HTTPS external link: http://fanyi.youdao.com/openapi
- Non-HTTPS external link: http://127.0.0.0:3697/query?phrase=
- Non-HTTPS external link: http://127.0.0.1:3679/query`,可替换为实际自定义服务地址.
Git Repository History
Repository hellflame/youdao appears legitimate
Maintainer History
score 2.0
1 maintainer concern(s) found
Author "hellflame" appears to have only 1 package on PyPI (new or inactive account)
Known CVE Vulnerabilities
No known vulnerabilities found in OSV database.