AI Analysis
Final verdict: SUSPICIOUS
The package uses eval for dynamic evaluation, which increases its obfuscation risk. Additionally, the maintainer's lack of an associated GitHub repository and other packages raises concerns about its legitimacy.
- High obfuscation risk due to the use of eval.
- Maintainer has only one package and no associated GitHub repository.
Per-check LLM notes
- Network: No network calls detected, which is normal unless the package requires external services.
- Shell: No shell execution patterns detected, indicating no direct system command execution.
- Obfuscation: The code snippet appears to be using eval for dynamic evaluation which can be a form of obfuscation but is not definitively malicious without more context.
- Credentials: No clear patterns indicative of credential harvesting were detected.
- Metadata: The maintainer has only one package and no associated GitHub repository, which may indicate a less established or potentially suspicious presence.
Heuristic Checks
Outbound Network Calls
No suspicious network call patterns found
Code Obfuscation
score 2.0
Found 1 obfuscation pattern(s)
value = evaluator.eval(expr) except Exception as e: raise Formu
Shell / Subprocess Execution
No shell execution patterns detected
Credential Harvesting
No credential harvesting patterns detected
Typosquatting
No typosquatting candidates detected
Registered Email Domain
Email domain looks legitimate: autobridgesystems.com
Suspicious Page Links
All external links appear legitimate
Git Repository History
No GitHub repository linked
No GitHub repository link found
Maintainer History
score 2.0
1 maintainer concern(s) found
Author "AutoBridgeSystems" appears to have only 1 package on PyPI (new or inactive account)
Known CVE Vulnerabilities
No known vulnerabilities found in OSV database.
AI App Starter Prompt
Use this prompt to build a project with abs-formula-core
Develop a mini-budget planner application using the Python package 'abs-formula-core'. This application will allow users to input various financial metrics such as income, expenses, savings, etc., and then calculate their net worth, monthly savings rate, and other financial health indicators based on user-defined formulas. Hereβs a step-by-step guide to building this application: 1. **Setup Environment**: Ensure you have Python installed along with the necessary packages including 'abs-formula-core' and any additional libraries like FastAPI for the backend. 2. **Define User Inputs**: Create a form where users can input their financial data such as monthly income, rent, utilities, groceries, and savings contributions. 3. **Formula Definition**: Allow users to define custom formulas for calculating financial metrics. For example, a user might want to calculate their 'Net Savings' as 'Income - Expenses + Savings'. Use 'abs-formula-core' to evaluate these formulas synchronously. 4. **Pluggable Function Registry**: Implement a feature that allows users to add custom functions to their formulas. For instance, they could define a function to calculate compound interest or tax deductions. 5. **Field-Type-Aware Substitution**: Ensure that the application correctly handles different data types (integers, floats, strings) when evaluating formulas. For example, if a user inputs a percentage for tax rate, it should be correctly interpreted and applied in the formula. 6. **Display Results**: After evaluation, display the results of each formula calculation in a user-friendly manner. Include charts or graphs to visualize financial trends over time if possible. 7. **Testing and Validation**: Test the application thoroughly to ensure that all formulas are evaluated correctly and that the application handles edge cases gracefully. This project will showcase the versatility of 'abs-formula-core' in handling complex financial calculations within a real-world application.