actiondraw

v0.1.30 suspicious
6.0
Medium Risk

A diagramming module built with PySide6 and QML

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package exhibits significant risks related to shell execution and network calls, which could potentially lead to unintended command execution and unauthorized resource access.

  • High shell risk due to unsanitized OS command execution.
  • Moderate network risk as the package fetches resources from external URLs.

Per-check LLM notes

  • Network: The network call appears to be fetching resources from a URL, which could be legitimate but requires verification of the URL's content and origin.
  • Shell: Executing commands based on operating system type can be risky if the inputs are not properly sanitized or if the commands are intended for malicious purposes. This suggests potential for unintended command execution.
  • Obfuscation: The usage of base64 decoding suggests some level of obfuscation, but it is not conclusive without further context on its purpose.
  • Credentials: No clear patterns of credential harvesting were detected.
  • Metadata: The maintainer seems new or inactive, and the repository lacks community engagement.

🔬 Heuristic Checks

Outbound Network Calls score 1.5

Found 1 network call pattern(s)

  • isk.""" try: with urllib.request.urlopen(_EFF_URL, timeout=15) as resp: raw = res

Code Obfuscation score 4.0

Found 2 obfuscation pattern(s)

  • return QImage.fromData(base64.b64decode(payload)) except Exception: return QImage() de
  • ytes: try: return base64.b64decode(value.encode("ascii"), validate=True) except Exception a

Shell / Subprocess Execution score 8.0

Found 4 shell execution pattern(s)

  • == "Darwin": subprocess.Popen(["open", path]) elif system == "Windows":
  • else: subprocess.Popen(["explorer", path]) else: subpro
  • else: subprocess.Popen(["xdg-open", path]) return True except O
  • try: completed = subprocess.run( cmd, check=False,

Credential Harvesting

No credential harvesting patterns detected

Typosquatting

No typosquatting candidates detected

Registered Email Domain

No author email provided

Suspicious Page Links

All external links appear legitimate

Git Repository History score 2.5

Git history flags: Repository has zero stars and zero forks

Maintainer History score 2.0

1 maintainer concern(s) found

  • Author "oyvinrog" appears to have only 1 package on PyPI (new or inactive account)

Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with actiondraw
Create a user-friendly diagramming tool using the 'actiondraw' Python package. This tool will allow users to create, edit, and save diagrams in various formats such as PNG, SVG, and PDF. The application should include the following core functionalities:

1. **User Interface**: Design an intuitive interface using PySide6 and QML as provided by the 'actiondraw' package. The UI should have options to add different shapes (circles, squares, arrows), change colors, and resize elements.
2. **Drawing Canvas**: Implement a drawing canvas where users can drag and drop shapes, connect them with lines, and annotate them with text.
3. **Save & Load**: Users should be able to save their diagrams locally on their device and load previously saved diagrams.
4. **Export Options**: Provide functionality to export diagrams in multiple formats like PNG, SVG, and PDF.
5. **Customization**: Allow users to customize the appearance of shapes and lines, including color, thickness, and style.
6. **Help Documentation**: Include a help section within the app that explains how to use each feature.

Utilize the 'actiondraw' package's capabilities to streamline the development process and ensure a smooth user experience. This project aims to demonstrate the flexibility and power of 'actiondraw' in creating complex applications.