aioqbt

v1.1.0 suspicious
5.0
Medium Risk

API library for qBittorrent with asyncio

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package shows signs of potential misuse due to its ability to execute shell commands without clear sanitization measures, while network and metadata risks are relatively low.

  • High shell risk due to execution of shell commands
  • Low network and metadata risks
Per-check LLM notes
  • Network: Network calls are typical for packages that interact with web services or APIs, but the lack of context makes it hard to assess their legitimacy.
  • Shell: Execution of shell commands can be risky if not properly sanitized and controlled, suggesting potential for misuse or unintended behavior.
  • Metadata: The maintainer has only one package on PyPI, indicating a new or less active account which may warrant further investigation.

📦 Package Quality Overall: Medium (6.8/10)

✦ High Test Suite 9.0

Test suite present — 30 test file(s) found

  • Test runner config found: pyproject.toml
  • Test runner config found: conftest.py
  • 30 test file(s) detected (e.g. conftest.py)
✦ High Documentation 9.0

Well-documented package

  • Documentation URL: "Documentation" -> https://aioqbt.readthedocs.io/en/latest/
  • 3 documentation file(s) (e.g. _sphinx_monkeypatch.py)
  • Detailed PyPI description (1321 chars)
○ Low Contributing Guide 4.0

No contributing guide or governance files found

  • Development Status classifier >= Beta
◈ Medium Type Annotations 7.0

Partial type annotation coverage

  • Classifier: Typing :: Typed
  • 427 type-annotated function signatures detected in source
◈ Medium Multiple Contributors 5.0

Limited contributor diversity

  • 1 unique contributor(s) across 100 commits in tsangwpx/aioqbt
  • Single author but highly active (100 commits)

🔬 Heuristic Checks

Outbound Network Calls score 3.0

Found 2 network call pattern(s)

  • p is None: http = aiohttp.ClientSession() http_owner = True else: ht
  • edential. """ http = aiohttp.ClientSession( cookies=login.cookies, ) url = login.url
Code Obfuscation

No obfuscation patterns detected

Shell / Subprocess Execution score 8.0

Found 4 shell execution pattern(s)

  • return 0 completed = subprocess.run( args, **kwargs, ) return completed.
  • on_done = False process = subprocess.Popen( args, stdin=subprocess.DEVNULL, std
  • me, "512", ] subprocess.run( cert_args, cwd=str(tmp_path), check
  • apture_output=True, ) subprocess.run( dh_args, cwd=str(tmp_path), check=T
Credential Harvesting

No credential harvesting patterns detected

Typosquatting

No typosquatting candidates detected

Registered Email Domain

No author email provided

Suspicious Page Links

All external links appear legitimate

Git Repository History

Repository tsangwpx/aioqbt appears legitimate

Maintainer History score 2.0

1 maintainer concern(s) found

  • Author "Aaron Tsang" appears to have only 1 package on PyPI (new or inactive account)
Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with aioqbt 
Your task is to create a command-line utility in Python that manages torrent downloads using the qBittorrent client via the 'aioqbt' package. This utility should allow users to add torrents from URLs, start and stop downloads, manage download speeds, and retrieve information about ongoing and completed downloads. The utility will be built around asynchronous programming principles to ensure smooth performance even when handling multiple torrents concurrently.

### Features:
1. **Add Torrent**: Users should be able to input a magnet link or a .torrent file URL to add a new torrent to the download queue. The utility should validate the input and provide feedback if the input is invalid.
2. **Start/Stop Downloads**: Provide commands to start or stop individual or all active downloads. Ensure that stopping a download gracefully pauses it rather than forcefully cancelling.
3. **Speed Management**: Implement functionality to set upload and download speed limits for the entire client or specific torrents.
4. **Download Information**: Display details of ongoing and completed downloads such as name, size, progress, status, and estimated time remaining.
5. **User Interface**: Design a simple yet intuitive CLI interface that guides users through each action and provides real-time updates on their requests.
6. **Error Handling**: Incorporate robust error handling to manage exceptions such as network issues, invalid inputs, or server unavailability.
7. **Logging**: Integrate logging to record important actions and errors for troubleshooting purposes.

### Utilizing 'aioqbt':
- Use 'aioqbt' to establish a connection to your local qBittorrent instance. Ensure you handle authentication securely.
- Leverage the package's asynchronous capabilities to perform operations without blocking the main thread, which is crucial for managing multiple concurrent downloads efficiently.
- Explore 'aioqbt' methods related to adding torrents, controlling download states, setting speed limits, and retrieving download statuses to implement the above features.
- Pay special attention to the documentation of 'aioqbt' for understanding how to properly utilize its asynchronous functions and context managers.

### Deliverables:
- A fully functional Python script that meets the outlined requirements.
- A README file detailing how to install dependencies, run the script, and use the command-line options.
- Unit tests to verify the correctness of each feature.

This project will not only enhance your skills in asynchronous programming but also provide practical experience in working with APIs and handling complex user interactions through a command-line interface.

💬 Discussion Feed

Leave a comment

No discussion yet. Be the first to share your thoughts!