ait-core

v3.1.1 suspicious
6.0
Medium Risk

NASA JPL's Ground Data System toolkit for Instrument and CubeSat Missions

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package exhibits significant risks due to its use of network calls and execution of arbitrary shell commands, which are highly suspicious behaviors that could indicate malicious intent.

  • High network risk
  • Executing arbitrary shell commands
Per-check LLM notes
  • Network: The package performs network calls which could be used for legitimate purposes but also raise concerns about potential unauthorized data transfer.
  • Shell: Executing arbitrary commands via os.system is highly risky and can be indicative of malicious intent, allowing for remote code execution.
  • Metadata: The maintainer has only one package, which may indicate a new or less active account, but no other red flags were raised.

📦 Package Quality Overall: Medium (5.4/10)

○ Low Test Suite 1.0

No test suite detected

  • No test files or test-runner configuration detected
◈ Medium Documentation 7.0

Some documentation present

  • Documentation URL: "Documentation" -> https://ait-core.readthedocs.io/en/latest
  • Detailed PyPI description (9765 chars)
○ Low Contributing Guide 2.0

No contributing guide or governance files found

  • No CONTRIBUTING, CODE_OF_CONDUCT, or governance files found
◈ Medium Type Annotations 7.0

Partial type annotation coverage

  • Type checker (mypy / pyright / pytype) referenced in project
  • 4 type-annotated function signatures (partial)
✦ High Multiple Contributors 10.0

Active multi-contributor project

  • 15 unique contributor(s) across 100 commits in NASA-AMMOS/AIT-Core
  • Active community — 5 or more distinct contributors

🔬 Heuristic Checks

Outbound Network Calls score 9.0

Found 6 network call pattern(s)

  • ) self.socket.connect((address[0], address[1])) # TODO: Make this conf
  • ut > 0: ret = requests.post(url, json=data, timeout=conn_timeout) else:
  • else: ret = requests.post(url, json=data) ret = json.loads(ret.text)["res
  • dler_name = args["name"] requests.post("http://{}:{}/{}/start".format(host, port, handler_name), da
  • dler_name = args["name"] requests.delete("http://{}:{}/{}/stop".format(host, port, handler_name)) i
  • eap-seconds.list" r = requests.get(url) if r.status_code != 200: msg = "Un
Code Obfuscation score 4.0

Found 2 obfuscation pattern(s)

  • ][0] status = eval(cond, caller.f_globals, caller.f_locals) elif ca
  • BBBBBBBB") data = bytearray(b"\x02\xE7\x40\x00\x00\x0B\x00\x00\x00\x01\x01\x71\x0C\x41\x00\x01") """ # CCSDS Packet # version: 000
Shell / Subprocess Execution score 2.0

Found 1 shell execution pattern(s)

  • Executing: %s" % command) os.system(command) def main(): log.begin() descr = (
Credential Harvesting

No credential harvesting patterns detected

Typosquatting

No typosquatting candidates detected

Registered Email Domain

Email domain looks legitimate: googlegroups.com

Suspicious Page Links

All external links appear legitimate

Git Repository History

Repository NASA-AMMOS/AIT-Core appears legitimate

Maintainer History score 2.0

1 maintainer concern(s) found

  • Author "AMMOS Instrument Toolkit Development Team" appears to have only 1 package on PyPI (new or inactive account)
Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with ait-core 
Create a Python-based mini-application named 'CubeSat Mission Planner' that leverages the 'ait-core' package from NASA JPL to manage and simulate operations for a CubeSat mission. This application should serve as a comprehensive tool for mission planning, including satellite telemetry monitoring, mission timeline creation, and ground station communication scheduling.

The application should include the following key features:
1. **Mission Timeline Generation**: Allow users to input mission parameters such as launch date, orbit details, and mission duration. Use 'ait-core' to generate a detailed timeline of mission events, including periods of visibility from different ground stations.
2. **Telemetry Monitoring Simulation**: Simulate real-time telemetry data from the CubeSat using 'ait-core'. Users should be able to monitor simulated health and status updates, including battery levels, temperature readings, and propulsion system statuses.
3. **Ground Station Communication Schedule**: Utilize 'ait-core' to calculate optimal times for communication between the CubeSat and various ground stations based on orbital mechanics and ground station availability.
4. **Data Visualization**: Integrate 'ait-core' to visualize mission timelines and telemetry data in a user-friendly manner, possibly through graphs or charts.
5. **Customizable Alerts**: Enable users to set up alerts for critical events or anomalies in telemetry data, leveraging 'ait-core' to process and notify the user when specific conditions are met.

To achieve these features, utilize 'ait-core' for its robust framework and tools designed for instrument and CubeSat missions, focusing on telemetry handling, mission timeline management, and ground station interaction. Ensure the application provides an intuitive interface for users to interact with their CubeSat mission simulations.

💬 Discussion Feed

Leave a comment

No discussion yet. Be the first to share your thoughts!