acellera-openff-nagl

v0.5.5 suspicious
3.0
Low Risk

A playground for applying graph convolutional networks to molecules.

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package shows signs of potential misuse with git commands and obfuscated code, but there is no clear evidence of malicious intent. The sparse metadata adds to the suspicion.

  • Shell risk due to git command execution
  • Obfuscation risk from use of 'eval()' and 'pickle.loads()'
  • Sparse and potentially inactive author metadata

Per-check LLM notes

  • Network: No network calls detected, which is normal and not indicative of any risk.
  • Shell: Git command execution may be legitimate if the package involves version control operations, but requires further investigation to ensure it's not being used maliciously.
  • Obfuscation: The use of 'eval()' and 'pickle.loads()' could indicate obfuscation or potential code injection risks, but without further context, it's unclear if this is malicious or part of legitimate functionality.
  • Credentials: No patterns indicative of credential harvesting were detected.
  • Metadata: The author's information is sparse and the account seems new or inactive, which raises some suspicion but not enough to conclusively identify it as malicious.

🔬 Heuristic Checks

Outbound Network Calls

No suspicious network call patterns found

Code Obfuscation score 4.0

Found 2 obfuscation pattern(s)

  • eval_mode: model.eval() return model def save(self, path: str):
  • "pickled"][0] entry = pickle.loads(row) return entry @requires_package("pyarro

Shell / Subprocess Execution score 2.0

Found 1 shell execution pattern(s)

  • ust git process = subprocess.Popen([command] + args, cwd=cwd, env=env,

Credential Harvesting

No credential harvesting patterns detected

Typosquatting

No typosquatting candidates detected

Registered Email Domain

Email domain looks legitimate: openforcefield.org

Suspicious Page Links

All external links appear legitimate

Git Repository History

Repository openforcefield/openff-nagl appears legitimate

Maintainer History score 4.0

2 maintainer concern(s) found

  • Author name is missing or very short
  • Author "" appears to have only 1 package on PyPI (new or inactive account)

Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with acellera-openff-nagl

Develop a molecular property prediction tool using the 'acellera-openff-nagl' Python package. This application will allow users to input a molecule in SMILES format and predict its properties based on graph convolutional network models trained on molecular graphs. Here are the steps and features you should include:

1. **User Input Interface**: Design a simple command-line interface where users can enter a molecule's SMILES string.
2. **Molecule Parsing**: Use the Open Force Field (OFF) toolkit to parse the input SMILES string into a molecular graph.
3. **Graph Convolutional Network Model Application**: Apply the graph convolutional network models provided by 'acellera-openff-nagl' to predict molecular properties such as solubility, boiling point, or toxicity.
4. **Output Prediction**: Display the predicted molecular properties in a user-friendly format.
5. **Optional Features**:
   - Allow users to choose which specific property they want to predict from a predefined list.
   - Implement a feature to save the predicted results to a file.
   - Include error handling for invalid SMILES inputs and model loading failures.
6. **Documentation**: Provide clear documentation explaining how to use the tool and any dependencies required.

Utilize the 'acellera-openff-nagl' package to perform the graph convolutional network operations necessary for predicting molecular properties. Ensure that your application is well-structured and modular, allowing for easy updates or integration of additional models or properties in the future.