actionstreamer

v1.4.7 suspicious
7.0
High Risk

A library for the ActionStreamer API.

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package exhibits several concerning behaviors including high credential risk, potential obfuscation, and unusual network calls, indicating possible malicious intent or misuse.

  • High credential risk due to accessing '/etc/hosts' and using keyring
  • Potential obfuscation through base64 decoding and AES encryption
Per-check LLM notes
  • Network: The network calls are typical for packages that interact with external services, but unusual naming ('OST', 'TCH') might indicate potential misuse.
  • Shell: Use of shell commands and subprocess execution can be legitimate but also pose risks if not properly sanitized or used for unintended purposes.
  • Obfuscation: The use of base64 decoding and AES encryption could indicate obfuscation, but it's also common in legitimate cryptographic operations.
  • Credentials: Accessing the '/etc/hosts' file and using keyring to get passwords suggests potential unauthorized credential harvesting activities.
  • Metadata: The maintainer has only one package and no associated GitHub repository, which may indicate a less experienced or potentially suspicious actor.

🔬 Heuristic Checks

Outbound Network Calls score 7.5

Found 5 network call pattern(s)

  • OST': response = requests.post(url, headers=headers, data=body, params=parameters, verify=v
  • GET': response = requests.get(url, headers=headers, params=parameters, verify=verify, time
  • PUT': response = requests.put(url, headers=headers, data=body, params=parameters, verify=v
  • TCH': response = requests.patch(url, headers=headers, data=body, params=parameters, verify=v
  • ETE': response = requests.delete(url, headers=headers, params=parameters, verify=verify, time
Code Obfuscation score 2.0

Found 1 obfuscation pattern(s)

  • * 16 encrypted_bytes = base64.b64decode(encrypted_base64_text) aes_cipher = AES.new(normalize
Shell / Subprocess Execution score 10.0

Found 6 shell execution pattern(s)

  • e change immediately os.system(f'hostname {new_hostname}') print(f"Hostname chan
  • the videos try: subprocess.run(['ffmpeg', '-f', 'concat', '-safe', '0', '-i', temp_file_pat
  • the videos try: subprocess.run(['ffmpeg', '-f', 'concat', '-safe', '0', '-i', list_file_pat
  • + output_file_path #subprocess.run(['ffmpeg', '-f', 'concat', '-safe', '0', '-i', list_file_pat
  • e_path], check=True) subprocess.run(command, shell=True) except subprocess.CalledProcessErr
  • in seconds.""" result = subprocess.run(['ffmpeg', '-i', file_path], stderr=subprocess.PIPE, stdout=
Credential Harvesting score 10.0

Found 4 credential access pattern(s)

  • try: secret_value = keyring.get_password(service_name, account_name) except keyring.errors.Keyri
  • e + '\n') # Update /etc/hosts with open('/etc/hosts', 'r') as hosts_file:
  • etc/hosts with open('/etc/hosts', 'r') as hosts_file: hosts_content = hosts_fi
  • lines() with open('/etc/hosts', 'w') as hosts_file: for line in hosts_conten
Typosquatting

No typosquatting candidates detected

Registered Email Domain

Email domain looks legitimate: actionstreamer.com

Suspicious Page Links

All external links appear legitimate

Git Repository History

No GitHub repository linked

  • No GitHub repository link found
Maintainer History score 2.0

1 maintainer concern(s) found

  • Author "ActionStreamer" appears to have only 1 package on PyPI (new or inactive account)
Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with actionstreamer 
Your task is to develop a real-time video analytics application using the 'actionstreamer' Python package, which leverages the ActionStreamer API. This application will enable users to upload video clips and receive instant insights such as object detection, facial recognition, and behavior analysis. The application should have a simple user interface that allows users to upload videos, monitor the progress of the analysis, and view the results in a visually appealing format.

Steps to complete this project:
1. Set up your development environment by installing Python and the 'actionstreamer' package.
2. Design a basic web application using Flask or Django to serve as the frontend for uploading videos and displaying analysis results.
3. Implement a backend service that interacts with the ActionStreamer API via the 'actionstreamer' package to process uploaded videos.
4. Integrate real-time progress tracking so users can see how their video is being analyzed.
5. Display the analysis results in a user-friendly manner, including visualizations like charts or graphs where appropriate.
6. Ensure the application is secure by implementing proper authentication and authorization mechanisms.
7. Test the application thoroughly to ensure it handles various types of input and edge cases effectively.
8. Document your code and provide instructions on how to set up and run the application.

Suggested Features:
- User registration and login system
- Video upload functionality with file size limits
- Real-time progress bar or status updates during video processing
- Interactive visualizations of analysis results
- Error handling for invalid inputs or API failures
- Support for multiple video formats and resolutions

The 'actionstreamer' package will be used to interact with the ActionStreamer API, facilitating tasks such as video upload, initiating analysis jobs, and retrieving processed data. Your goal is to create a robust, scalable, and user-friendly application that showcases the capabilities of the 'actionstreamer' package.