adaup

v0.2.0 suspicious
4.0
Medium Risk

A Python package for interacting with Cardano.

πŸ€– AI Analysis

Final verdict: SUSPICIOUS

The package has a moderate risk score due to its shell execution capabilities and limited metadata. It should be used with caution until more information is gathered.

  • Shell risk due to subprocess execution
  • Single package from maintainer
Per-check LLM notes
  • Network: No network calls detected, which is normal if the package does not require internet access.
  • Shell: Subprocess execution may indicate legitimate functionality but could also signify potential for executing arbitrary commands, warranting further investigation.
  • Obfuscation: No obfuscation patterns detected, indicating low risk.
  • Credentials: No credential harvesting patterns detected, indicating low risk.
  • Metadata: The maintainer has only one package, which might indicate a new or less active developer, but no other red flags are present.

πŸ”¬ Heuristic Checks

βœ“ Outbound Network Calls

No suspicious network call patterns found

βœ“ Code Obfuscation

No obfuscation patterns detected

⚠ Shell / Subprocess Execution score 10.0

Found 6 shell execution pattern(s)

  • d)) try: result = subprocess.run(command, capture_output=True, text=True,check=raise_error)
  • t_path): result = subprocess.run( [ cardano_cli_path,
  • ano devnet...") process = subprocess.Popen(cmd) try: _wait_for_socket(cardano_cli_path, so
  • /stderr process = subprocess.Popen( cmd, stdout=subprocess.PIPE
  • xecution result = subprocess.run(cmd, capture_output=True, text=True) # Print al
  • _dir}" ) try: subprocess.run(["bash", "-lc", installer_cmd], check=True) except subpr
βœ“ Credential Harvesting

No credential harvesting patterns detected

βœ“ Typosquatting

No typosquatting candidates detected

βœ“ Registered Email Domain

Email domain looks legitimate: bhattarai.me

βœ“ Suspicious Page Links

All external links appear legitimate

βœ“ Git Repository History

Repository dquadrant/kuber appears legitimate

⚠ Maintainer History score 2.0

1 maintainer concern(s) found

  • Author "Sudip Bhattarai" appears to have only 1 package on PyPI (new or inactive account)
βœ“ Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

πŸ’‘ AI App Starter Prompt

Use this prompt to build a project with adaup 
Create a fully-functional mini-application called 'AdaWallet' using the Python package 'adaup', which is designed for interacting with the Cardano blockchain. This application will serve as a simple wallet management tool for Cardano users. Here’s a detailed breakdown of what the application should accomplish:

1. **User Authentication**: Implement a basic user authentication system where users can create an account, log in, and manage their profile.
2. **Address Management**: Allow users to generate new payment addresses for receiving ADA (Cardano’s native token).
3. **Transaction History**: Display a history of transactions for each address linked to the user's account.
4. **Balance Inquiry**: Provide real-time balance information for each address.
5. **Send Transactions**: Enable users to send ADA from one address to another within the same wallet or to external addresses.
6. **Security Features**: Incorporate basic security measures such as password protection for sensitive operations like sending funds.
7. **API Integration**: Utilize the 'adaup' package to interact with the Cardano blockchain, including fetching transaction details, generating addresses, and sending transactions.
8. **User Interface**: Develop a simple command-line interface (CLI) for interacting with the wallet.

**Features to Consider**:
- Implement error handling for common issues like invalid inputs, network errors, and insufficient funds.
- Include documentation on how to install and use the application.
- Ensure the application is secure and user data is protected.
- Add functionality to support multi-address wallets for advanced users.
- Consider adding support for staking ADA if time allows.

**How 'adaup' is Utilized**:
- Use 'adaup' to generate new payment addresses for users.
- Fetch the balance of these addresses using 'adaup'.
- Retrieve transaction history via 'adaup' calls.
- Send ADA from one address to another through 'adaup' transactions.
- Monitor the status of transactions and update the user accordingly.

This project aims to provide a practical introduction to working with the Cardano blockchain through a hands-on application.