access-nri-intake

v1.6.2 suspicious
5.0
Medium Risk

Intake catalog managed by ACCESS-NRI and associated tools

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package shows signs of potential code injection risks due to the use of 'eval', which could be exploited. While there are no immediate indications of malicious intent, the overall risk is elevated.

  • Use of 'eval' with user-provided input
  • New or less active maintainer account
Per-check LLM notes
  • Network: No network calls detected, which is normal.
  • Shell: Shell executions appear to be validating the existence and help output of local commands, possibly for dependency checks or documentation purposes.
  • Obfuscation: The use of 'eval' with user-provided input suggests potential for code injection and obfuscation.
  • Credentials: No direct evidence of credential harvesting, but caution should be exercised due to the presence of eval.
  • Metadata: The maintainer has only one package, which might indicate a new or less active account, raising some suspicion but not conclusive evidence of malice.

🔬 Heuristic Checks

Outbound Network Calls

No suspicious network call patterns found

Code Obfuscation score 4.0

Found 2 obfuscation pattern(s)

  • n self _obj = eval(search_expr, self.user_namespace) # type: ignore[has-type]
  • e.strip() instance = eval(subscript_expression, self.user_namespace) if isins
Shell / Subprocess Execution score 10.0

Found 6 shell execution pattern(s)

  • rks """ exit_status = os.system("catalog-build --help") assert exit_status == 0 exi
  • tatus == 0 exit_status = os.system("metadata-validate --help") assert exit_status == 0
  • tatus == 0 exit_status = os.system("metadata-template --help") assert exit_status == 0
  • tatus == 0 exit_status = os.system("build-esm-datastore --help") assert exit_status == 0
  • tatus == 0 exit_status = os.system("scaffold-catalog-entry --help") assert exit_status == 0
  • lag exit_status_noforce = os.system(CMD_noforce) assert ( exit_status_noforce ),
Credential Harvesting

No credential harvesting patterns detected

Typosquatting

No typosquatting candidates detected

Registered Email Domain

No author email provided

Suspicious Page Links

All external links appear legitimate

Git Repository History

No GitHub repository linked

  • No GitHub repository link found
Maintainer History score 2.0

1 maintainer concern(s) found

  • Author "ACCESS-NRI" appears to have only 1 package on PyPI (new or inactive account)
Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with access-nri-intake 
Create a web-based data explorer application using Python and the 'access-nri-intake' package. This application will allow users to browse and interact with datasets provided by ACCESS-NRI, a leading provider of climate data and services. Your task is to develop a user-friendly interface where users can search for specific datasets, view metadata, and download subsets of data directly from the web interface. Additionally, implement features that enable users to visualize basic statistics of the datasets and compare multiple datasets side by side.

Steps to follow:
1. Set up your development environment with Python, Flask, and the 'access-nri-intake' package.
2. Use 'access-nri-intake' to connect to the ACCESS-NRI data catalog and retrieve available datasets.
3. Design a simple but effective front-end using HTML/CSS/JavaScript, ensuring responsive design for mobile devices.
4. Implement back-end logic in Flask to handle user requests, including searching, filtering, and downloading data.
5. Integrate basic data visualization capabilities, such as line charts and histograms, using libraries like Plotly or Matplotlib.
6. Add functionality for comparing multiple datasets by allowing users to select and overlay their visualizations.
7. Ensure that all interactions with the dataset metadata and data itself are handled efficiently and securely.
8. Test your application thoroughly to ensure it works correctly across different scenarios and devices.
9. Document your code and provide instructions on setting up and running the application.

Suggested Features:
- Advanced search capabilities with filters based on keywords, date ranges, and geographical regions.
- User authentication and authorization for managing access to sensitive datasets.
- Real-time updates for datasets that have new versions or revisions.
- Support for exporting data in various formats, such as CSV, Excel, and JSON.
- Integration with external APIs for additional data sources or services.

How 'access-nri-intake' is Utilized:
- The 'access-nri-intake' package is used to establish a connection to the ACCESS-NRI data catalog, which contains metadata about the available datasets. It allows you to query this catalog to find information about datasets, including descriptions, authors, publication dates, and file locations.
- Once connected, you can use 'access-nri-intake' to fetch actual data files from the catalog for display and analysis within your application.