aavaaz

v0.9.0 suspicious
7.0
High Risk

Aavaaz — production-grade speech-to-text platform built on WhisperLive

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package exhibits high credential risk due to potential unauthorized access to AWS credentials, moderate obfuscation risk, and is from a possibly new or inactive maintainer, raising concerns about its legitimacy.

  • High credential risk (8/10)
  • Moderate obfuscation risk (5/10)
  • Potentially new or inactive maintainer

Per-check LLM notes

  • Network: The observed network calls appear to be related to service health checks and audio transcription requests, which could be legitimate if the package is designed for audio processing services.
  • Shell: No shell execution patterns were detected.
  • Obfuscation: The use of base64 encoding and decoding may indicate an attempt to obscure code logic, but it could also be used for legitimate data handling purposes.
  • Credentials: The detection of environment variable access for AWS credentials suggests potential unauthorized data harvesting unless explicitly documented and used within the package's intended functionality.
  • Metadata: The package is new and maintained by a potentially new or inactive account, raising some suspicion but not definitive evidence of malice.

🔬 Heuristic Checks

Outbound Network Calls score 7.5

Found 5 network call pattern(s)

  • try: req = urllib.request.Request( url, data=data,
  • ) response = urllib.request.urlopen(req, timeout=timeout) status = response.
  • ervice health.""" r = httpx.get( f"{self.base_url}/health", headers=
  • s(self.features) r = httpx.post( f"{self.base_url}/v1/audio/transcriptions",
  • = self.features r = httpx.post( f"{self.base_url}/v1/audio/transcriptions",

Code Obfuscation score 8.0

Found 4 obfuscation pattern(s)

  • coded"): body_bytes = base64.b64decode(body) else: body_bytes = body.encode() if isinst
  • Encoded"): body = base64.b64decode(body).decode() payload = json.loads(body) if isinsta
  • me) audio_bytes = base64.b64decode(payload["audio_base64"]) Path(local_path).write_
  • m = { "waveform": __import__("torch").tensor(audio_np).unsqueeze(0), "sample_rate": s

Shell / Subprocess Execution

No shell execution patterns detected

Credential Harvesting score 5.0

Found 2 credential access pattern(s)

  • NVIRONMENT", "prod") REGION = os.environ.get("AWS_REGION", "us-east-1") _dynamodb = boto3.resource("dynamodb"
  • etc.) endpoint_url = os.environ.get("AWS_ENDPOINT_URL") if endpoint_url: kwargs["

Typosquatting

No typosquatting candidates detected

Registered Email Domain

No author email provided

Suspicious Page Links

All external links appear legitimate

Git Repository History

Repository collabora/aavaaz appears legitimate

Maintainer History score 6.0

3 maintainer concern(s) found

  • Only one version has ever been released — brand new package
  • Package is very new: uploaded 3 day(s) ago
  • Author "Collabora Ltd" appears to have only 1 package on PyPI (new or inactive account)

Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with aavaaz
Create a real-time speech-to-text transcription tool using the 'aavaaz' Python package. Your application should allow users to record audio directly from their device's microphone and display the transcribed text in real-time. Additionally, implement features such as saving the transcriptions to a local file, providing options to adjust the quality of the transcription, and offering the ability to pause and resume recording. Utilize the core functionalities of 'aavaaz' to handle the live audio streaming and transcription process. Ensure the app has a user-friendly interface, whether it's a command-line tool or a graphical user interface.