abxpkg

v1.11.175 suspicious
6.0
Medium Risk

System package manager interfaces with Python type hints

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package exhibits significant network and shell execution risks, suggesting potential for supply-chain attacks. However, there is no evidence of obfuscation, credential harvesting, or other direct malicious activities.

  • High network risk due to external URL calls
  • High shell risk due to potential system modifications
Per-check LLM notes
  • Network: The presence of network calls to external URLs suggests potential data exfiltration or C2 activities.
  • Shell: Executing shell commands can indicate attempts to modify the system environment or install additional software, which might be indicative of malicious behavior.
  • Obfuscation: No obfuscation patterns detected, indicating low risk.
  • Credentials: No credential harvesting patterns detected, indicating low risk.
  • Metadata: The package has a non-secure external link and the maintainer has only one package, which may indicate a new or less active account.

🔬 Heuristic Checks

Outbound Network Calls score 4.5

Found 3 network call pattern(s)

  • try: with urllib.request.urlopen( url, timeout=timeou
  • try: with urllib.request.urlopen( exact_url,
  • try: with urllib.request.urlopen( registry_url, timeo
Code Obfuscation

No obfuscation patterns detected

Shell / Subprocess Execution score 10.0

Found 6 shell execution pattern(s)

  • ersion': lambda: SemVer.parse(os.system('wget --version')), # 'install': lambda: os.
  • # 'install': lambda: os.system('brew install wget'), # }, # } f
  • (explicit_env) return subprocess.run( cmd, cwd=str(cwd), **kw
  • ) sudo_proc = subprocess.run( sudo_cmd, cwd=str(c
  • _env ) proc = subprocess.run( cmd, cwd=str(cwd_path),
  • return ( subprocess.run( [interpreter, "-c", f"import {module}"],
Credential Harvesting

No credential harvesting patterns detected

Typosquatting

No typosquatting candidates detected

Registered Email Domain

No author email provided

Suspicious Page Links score 2.0

Found 1 suspicious link(s) on the package page

  • Non-HTTPS external link: http://abxpkg.archivebox.io
Git Repository History

Repository ArchiveBox/abxpkg appears legitimate

Maintainer History score 2.0

1 maintainer concern(s) found

  • Author "Nick Sweeting, ArchiveBox" appears to have only 1 package on PyPI (new or inactive account)
Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with abxpkg 
Create a command-line utility named 'SysPkgManager' using Python that leverages the 'abxpkg' package to manage system packages in a type-safe manner. This utility should allow users to perform common package management tasks such as installing, upgrading, removing, and listing packages available on their system. Additionally, the utility should provide functionality to check if a specific package is installed, show detailed information about a package, and handle dependencies automatically during installation processes.

Key Features:
1. Install a package: Accepts a package name as input and installs it using the underlying system package manager, ensuring all dependencies are resolved and installed first.
2. Upgrade a package: Takes a package name and upgrades it to the latest version available.
3. Remove a package: Deletes a specified package along with its configurations and dependencies.
4. List all installed packages: Displays a list of all currently installed packages on the system.
5. Check package status: Verifies if a given package is installed and prints its current version.
6. Detailed package info: Shows comprehensive details about a specified package including version, size, dependencies, and any other relevant information.
7. Dependency resolution: Automatically resolves and installs any missing dependencies when installing or upgrading a package.

How to Utilize 'abxpkg':
- Use 'abxpkg' to interface with the system package manager, providing type hints for inputs and outputs to ensure robustness and safety.
- Leverage the package's capabilities to query the package database, install packages, remove packages, and more.
- Ensure all operations are performed safely and efficiently by utilizing 'abxpkg's type hints and error handling mechanisms.

Your task is to design and implement this utility, ensuring it is user-friendly, efficient, and adheres to best coding practices.