Package Metadata

Author: André von Arx
Email: [email protected]
PyPI: a9x-webstatistics
Python: >=3.8
Versions: 466 releases
First release: 27 Apr 2024, 16:35 UTC
Analysed: 05 Jun 2026, 23:03 UTC
Source files: 54 .py files scanned

Project Links

Bug Reports Documentation Homepage Source Code

Classifiers

Development Status :: 5 - Production/StableIntended Audience :: DevelopersIntended Audience :: Information TechnologyLicense :: OSI Approved :: MIT LicenseOperating System :: OS IndependentProgramming Language :: Python :: 3Programming Language :: Python :: 3 :: OnlyProgramming Language :: Python :: 3.10Programming Language :: Python :: 3.11Programming Language :: Python :: 3.12

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package is flagged due to its use of shell=True, which poses a significant security risk. However, there are no indications of malicious intent from other checks.

High shell risk due to use of shell=True
Maintainer has only one package, raising some suspicion

Per-check LLM notes

Network: No network calls detected, which is normal if the package does not require internet access.
Shell: Use of shell=True can be risky as it may allow execution of arbitrary commands, suggesting potential for misuse.
Obfuscation: No obfuscation patterns detected, indicating low risk.
Credentials: No credential harvesting patterns detected, indicating low risk.
Metadata: The maintainer has only one package, which might indicate a new or less active account, raising some suspicion but not conclusive evidence of malice.

🔬 Heuristic Checks

✓ Outbound Network Calls

No suspicious network call patterns found

✓ Code Obfuscation

No obfuscation patterns detected

⚠ Shell / Subprocess Execution score 4.0

Found 2 shell execution pattern(s)

-print', capture_output=True, shell=True, text=True) #print(cmddata.stdout) #print(
-altr', capture_output=True, shell=True, text=True) print(cmddata.stdout)

✓ Credential Harvesting

No credential harvesting patterns detected

✓ Typosquatting

No typosquatting candidates detected

✓ Registered Email Domain

Email domain looks legitimate: outlook.de

✓ Suspicious Page Links

All external links appear legitimate

✓ Git Repository History

Repository ava007/a9x-webstatistics appears legitimate

⚠ Maintainer History score 2.0

1 maintainer concern(s) found

Author "André von Arx" appears to have only 1 package on PyPI (new or inactive account)

✓ Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with a9x-webstatistics

Create a web analytics dashboard using the Python package 'a9x-webstatistics'. This application will provide real-time statistics about website traffic, user behavior, and popular pages. The dashboard should allow users to visualize data such as unique visitors, page views, bounce rates, and session durations. Additionally, it should include functionality to filter data by date range, display top visited URLs, and show referral sources. Utilize the 'a9x-webstatistics' package to gather and process the necessary data from a sample website. The application should be built using Flask for the backend and integrate with a frontend framework like React or Vue.js for interactive visualizations. Ensure that the design is user-friendly and the data presentation is clear and insightful.