aind-clabe

v0.10.7 suspicious
6.0
Medium Risk

A library for a minimal framework that can be used to build experimental interfaces.

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package exhibits medium risk due to potential network and shell execution risks, indicating possible malicious intent. However, without concrete evidence of harmful behavior, it remains suspicious.

  • network calls to unknown destinations
  • execution of shell commands
Per-check LLM notes
  • Network: Network calls are common but could indicate data exfiltration if URLs are to unknown destinations.
  • Shell: Shell execution can be risky as it allows the package to run arbitrary commands, which may lead to system compromise.
  • Obfuscation: The presence of base64 decoding suggests possible obfuscation to hide code logic or data, which could be suspicious without clear documentation.
  • Credentials: No direct evidence of credential harvesting is observed, but caution should be exercised as obfuscated code may conceal such activities.
  • Metadata: The maintainer seems new or inactive, and the repository lacks community engagement.

📦 Package Quality Overall: Medium (5.2/10)

◈ Medium Test Suite 6.0

Partial test coverage signals detected

  • Test runner config found: pyproject.toml
◈ Medium Documentation 7.0

Some documentation present

  • Documentation URL: "Documentation" -> https://allenneuraldynamics.github.io/clabe/
  • Detailed PyPI description (3201 chars)
○ Low Contributing Guide 2.0

No contributing guide or governance files found

  • No CONTRIBUTING, CODE_OF_CONDUCT, or governance files found
◈ Medium Type Annotations 5.0

Partial type annotation coverage

  • 185 type-annotated function signatures detected in source
◈ Medium Multiple Contributors 6.0

Limited contributor diversity

  • 2 unique contributor(s) across 100 commits in AllenNeuralDynamics/clabe
  • Two distinct contributors found

🔬 Heuristic Checks

Outbound Network Calls score 9.0

Found 6 network call pattern(s)

  • %s", url) response = requests.get(url, timeout=self._timeout) response.raise_for_statu
  • , payload) response = requests.put(url, json=payload, timeout=self._timeout) response.r
  • """ response = requests.get(end_point, timeout=timeout) if response.ok:
  • table, id) response = requests.get(url, headers=self.headers, timeout=_REQUEST_TIMEOUT)
  • url(table) response = requests.post(url, headers=self.headers, json=data, timeout=_REQUEST_TIMEO
  • entation"} response = requests.patch(url, headers=headers, json=update_data, timeout=_REQUEST_TIM
Code Obfuscation score 4.0

Found 2 obfuscation pattern(s)

  • mp() file_data = base64.b64decode(data_base64) logger.debug("Decoded file data: %s
  • esult: data = base64.b64decode(result['data']) with open("downloaded.txt",
Shell / Subprocess Execution score 10.0

Found 6 shell execution pattern(s)

  • `` """ proc = subprocess.run( command.cmd, cwd=self.cwd,
  • ``` """ subprocess.Popen( command.cmd, cwd=self.cwd,
  • try: proc = subprocess.run( cmd, shell=False,
  • """ output = subprocess.check_output( ["tasklist", "/FI", f"IMAGENAME eq {self.execut
  • is_running(): subprocess.run(["taskkill", "/IM", self.executable_path.name, "/F"], shell=
  • .config_path) return subprocess.Popen(cmd_factory, start_new_session=True, shell=True) def du
Credential Harvesting

No credential harvesting patterns detected

Typosquatting

No typosquatting candidates detected

Registered Email Domain

Email domain looks legitimate: alleninstitute.org>

Suspicious Page Links

All external links appear legitimate

Git Repository History score 2.5

Git history flags: Repository has zero stars and zero forks

  • Repository has zero stars and zero forks
Maintainer History score 2.0

1 maintainer concern(s) found

  • Author "Bruno Cruz" appears to have only 1 package on PyPI (new or inactive account)
Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with aind-clabe 
Your task is to develop a simple yet interactive educational tool using the 'aind-clabe' Python package. This tool will help students practice their basic arithmetic skills, such as addition, subtraction, multiplication, and division. The application should generate random math problems based on user-selected difficulty levels and provide immediate feedback on the correctness of the answers provided by the user.

Key Features:
1. User Interface: Create a clean and intuitive interface where users can select their preferred level of difficulty (easy, medium, hard).
2. Problem Generation: Implement a feature that generates arithmetic problems based on the selected difficulty level. Easy level might involve single-digit numbers, while harder levels could include double or triple digits and more complex operations.
3. Immediate Feedback: After the user inputs their answer, display whether it was correct or incorrect, and show the correct answer if necessary.
4. Score Tracking: Keep track of the user's score and display it at the end of each session.
5. Exit Option: Provide an option for the user to exit the session at any time.

Utilization of 'aind-clabe': Use the 'aind-clabe' package to create the experimental interface for your educational tool. This package allows you to quickly prototype and test different UI elements without the need for extensive setup. You'll be leveraging its ability to dynamically adjust to user input and efficiently render visual feedback to enhance the learning experience.

Your goal is to demonstrate how 'aind-clabe' can be effectively used in educational software development, focusing on simplicity and interactivity.