AI Analysis
Final verdict: SAFE
The package shows low risks across multiple categories, including shell execution, obfuscation, and credential harvesting. The network risk is moderate due to external communication, but there are no clear signs of malicious intent.
- Moderate network risk due to external communication
- Low risks in other categories
Per-check LLM notes
- Network: The presence of network calls to a base URL suggests the package communicates with an external server, which could be for legitimate purposes like API interaction but requires scrutiny to ensure it's not for malicious activities.
- Shell: No shell execution patterns were detected, indicating a low risk for direct system command execution.
- Obfuscation: No obfuscation patterns detected, indicating low risk.
- Credentials: No credential harvesting patterns detected, indicating low risk.
- Metadata: Low activity and metadata quality suggest potential low effort or inactivity, but no clear indicators of malicious intent.
Heuristic Checks
Outbound Network Calls
score 1.5
Found 1 network call pattern(s)
global _http _http = httpx.AsyncClient( base_url=BRIDGE_BASE, timeout=httpx.Timeout
Code Obfuscation
No obfuscation patterns detected
Shell / Subprocess Execution
No shell execution patterns detected
Credential Harvesting
No credential harvesting patterns detected
Typosquatting
No typosquatting candidates detected
Registered Email Domain
No author email provided
Suspicious Page Links
All external links appear legitimate
Git Repository History
score 2.5
Git history flags: Repository has zero stars and zero forks
Repository has zero stars and zero forks
Maintainer History
score 4.0
2 maintainer concern(s) found
Author "Adelaida Diaz-Roa" appears to have only 1 package on PyPI (new or inactive account)Package has no PyPI classifiers (low effort / metadata quality)
Known CVE Vulnerabilities
No known vulnerabilities found in OSV database.
AI App Starter Prompt
Use this prompt to build a project with adelaidasofia-whatsapp-mcp
Create a Python-based mini-app called 'WhatsApp Message Forwarder' that leverages the 'adelaidasofia-whatsapp-mcp' package to streamline the process of forwarding messages across multiple WhatsApp groups. This app will serve as a tool for group administrators who need to share important announcements or updates efficiently. **Steps to Create the App:** 1. **Setup Environment**: Install Python and necessary libraries including 'adelaidasofia-whatsapp-mcp'. Ensure you have a running instance of the Go bridge REST API required by 'adelaidasofia-whatsapp-mcp'. 2. **User Interface Design**: Develop a simple command-line interface (CLI) where users can input their WhatsApp credentials, select source and target groups, and enter the message content. 3. **Authentication & Authorization**: Implement a secure way to authenticate users with their WhatsApp accounts. Use OAuth 2.0 for authentication and store tokens securely. 4. **Message Forwarding Logic**: Utilize the 'adelaidasofia-whatsapp-mcp' package to connect to the WhatsApp server via the Go bridge REST API. Write functions to send messages to specified groups. 5. **Error Handling & Logging**: Add robust error handling to manage issues like connection failures or invalid inputs. Log all actions and errors for auditing and troubleshooting. 6. **Enhancements**: Consider adding features such as scheduling message sending times, allowing users to attach files/images, and implementing rate limiting to prevent abuse. **Core Features Utilizing 'adelaidasofia-whatsapp-mcp':** - Connect to WhatsApp through the Go bridge REST API. - Send text messages to multiple groups simultaneously. - Retrieve message status updates from the WhatsApp server. This project not only demonstrates the capabilities of 'adelaidasofia-whatsapp-mcp' but also provides practical value for group administrators looking to improve their communication efficiency.