adeu

v1.9.0 suspicious
7.0
High Risk

Automated DOCX Redlining Engine

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package exhibits multiple risky behaviors including potential unauthorized network interactions, shell command execution, obfuscation techniques, and credential harvesting, suggesting it might pose a significant security threat.

  • High network and shell risks due to external service interaction and command execution
  • Obfuscation and credential harvesting attempts indicating possible malicious intent

Per-check LLM notes
  • Network: The detected network calls to 'api/v1/auth/me' and '/shared-mailboxes' suggest the package may be interacting with an external service, potentially unauthorized.
  • Shell: The use of subprocess.Popen and subprocess.run to execute commands like 'uv run adeu-server', 'open', and 'xdg-open' indicates potential for arbitrary command execution, which could be a security risk.
  • Obfuscation: The use of base64 encoding to write bytes to a file suggests an attempt to hide the true nature of the data being written, which is suspicious.
  • Credentials: The use of keyring.get_password indicates an attempt to retrieve credentials from a system password store, which is highly indicative of credential harvesting.
  • Metadata: The maintainer has only one package, which may indicate a new or less active account, but no other red flags are present.

🔬 Heuristic Checks

Outbound Network Calls score 9.0

Found 6 network call pattern(s)

  • api/v1/auth/me" req = urllib.request.Request( url, headers={
  • "url": url}) with urllib.request.urlopen(req) as response: data = json.loads(
  • /shared-mailboxes" req = urllib.request.Request( url, headers={ "Authori
  • ) try: with urllib.request.urlopen(req) as response: mailboxes = json.loads
  • /v1/emails/search" req = urllib.request.Request( url, data=body, headers={
  • ra={"url": url}) with urllib.request.urlopen(req) as response: data = json.loads(resp

Code Obfuscation score 4.0

Found 2 obfuscation pattern(s)

  • file_path.write_bytes(base64.b64decode(b64_data)) local_files.append(str(fi
  • parts_data[zip_name] = base64.b64decode(b64_data) parts_meta.append((raw_name, content_t

Shell / Subprocess Execution score 6.0

Found 3 shell execution pattern(s)

  • tool schemas...") proc = subprocess.Popen( ["uv", "run", "adeu-server"], stdin=subproc
  • form == "darwin": subprocess.run(["open", str(p)], check=True) else: subp
  • ue) else: subprocess.run(["xdg-open", str(p)], check=True) return add_timing_

Credential Harvesting score 2.5

Found 1 credential access pattern(s)

  • try: return keyring.get_password(KEYRING_SERVICE_NAME, KEYRING_ACCOUNT_NAME) except E

Typosquatting

No typosquatting candidates detected

Registered Email Domain

No author email provided

Suspicious Page Links

All external links appear legitimate

Git Repository History

Repository dealfluence/adeu appears legitimate

Maintainer History score 2.0

1 maintainer concern(s) found

  • Author "Mikko Korpela, Uzair Ahmed" appears to have only 1 package on PyPI (new or inactive account)

Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with adeu
Your task is to develop a fully-functional mini-application called 'DocRedlinePro' using Python, which leverages the 'adeu' package to automate the process of redlining documents in DOCX format. This application will serve as a powerful tool for legal professionals, editors, and writers who need to track changes and comments in their documents efficiently.

Step 1: Define the Core Functionality
- The application should allow users to upload a DOCX file via a simple UI or command-line interface.
- Upon uploading, the application should automatically detect any existing tracked changes or comments within the document.
- Users should be able to add new comments and mark changes directly through the application.
- The application should then generate a new version of the document with all tracked changes and comments clearly marked.

Step 2: Enhance with Additional Features
- Implement a feature that allows users to merge multiple versions of a document into one, resolving conflicts between different edits.
- Add functionality to export the final document in both DOCX and PDF formats.
- Include an option to email the final document directly from the application.
- Provide a summary report of all changes made and comments added during the redlining process.

Step 3: Utilize Adeu Package
- Use the 'adeu' package to handle all operations related to reading, modifying, and writing DOCX files.
- Leverage 'adeu' to efficiently parse and extract information about tracked changes and comments from uploaded documents.
- Employ 'adeu' to apply user-added comments and changes seamlessly.
- Ensure that all operations performed on the document are compliant with Microsoft Word's standards for tracked changes and comments.

Additional Instructions:
- Design the application to be user-friendly, with clear instructions and feedback messages throughout the process.
- Ensure robust error handling to manage cases where the uploaded document is corrupted or not compatible with the application.
- Consider implementing a demo mode that allows users to test the application with sample documents before uploading their own files.
- Document your code thoroughly and provide clear installation instructions for setting up the environment.