AI Analysis
Final verdict: SUSPICIOUS
The package exhibits some suspicious traits, particularly concerning shell execution and potential obfuscation, though it lacks clear indicators of malicious intent.
- Shell execution detected
- Potential obfuscation via pickle.loads
Per-check LLM notes
- Network: No network calls detected, which is normal unless the package relies on internet services.
- Shell: Shell execution suggests potential runtime environment interaction, which could be benign but requires further investigation into package functionality.
- Obfuscation: The use of 'pickle.loads' might indicate obfuscation or encoding, but it is also commonly used for serialization in legitimate applications.
- Credentials: No patterns indicative of credential harvesting were detected.
- Metadata: The maintainer appears new and there are no PyPI classifiers, indicating potential low effort or poor metadata quality.
Package Quality Overall: Medium (6.0/10)
◈ Medium
Test Suite
6.0
Partial test coverage signals detected
Test runner config found: pyproject.toml
◈ Medium
Documentation
7.0
Some documentation present
Documentation URL: "Documentation" -> https://eth-ait.github.io/aitviewer/Detailed PyPI description (5414 chars)
○ Low
Contributing Guide
2.0
No contributing guide or governance files found
No CONTRIBUTING, CODE_OF_CONDUCT, or governance files found
◈ Medium
Type Annotations
5.0
Partial type annotation coverage
87 type-annotated function signatures detected in source
✦ High
Multiple Contributors
10.0
Active multi-contributor project
9 unique contributor(s) across 100 commits in eth-ait/aitviewerActive community — 5 or more distinct contributors
Heuristic Checks
Outbound Network Calls
No suspicious network call patterns found
Code Obfuscation
score 4.0
Found 2 obfuscation pattern(s)
ocket: data = pickle.loads(message) # Equeue data for the main thread tdata = pickle.loads(message) # Equeue data for the main
Shell / Subprocess Execution
score 2.0
Found 1 shell execution pattern(s)
er process. process = subprocess.Popen( popen_args, stdout=subprocess.PIPE,
Credential Harvesting
No credential harvesting patterns detected
Typosquatting
No typosquatting candidates detected
Registered Email Domain
No author email provided
Suspicious Page Links
All external links appear legitimate
Git Repository History
Repository eth-ait/aitviewer appears legitimate
Maintainer History
score 4.0
2 maintainer concern(s) found
Author "Manuel Kaufmann, Velko Vechev, Dario Mylonopoulos" appears to have only 1 package on PyPI (new or inactive account)Package has no PyPI classifiers (low effort / metadata quality)
Known CVE Vulnerabilities
No known vulnerabilities found in OSV database.
AI App Starter Prompt
Use this prompt to build a project with aitviewer
Create a 3D viewer application using the 'aitviewer' Python package. This application will allow users to visualize and manipulate sequences of 3D data, such as point clouds, meshes, and animations. The app should have a user-friendly interface where users can load their own 3D data files or select from a set of preloaded examples. Key functionalities include: 1. Loading and displaying various types of 3D data (point clouds, meshes, animations). 2. Interactive manipulation of the 3D view (rotation, zooming, panning). 3. Animation playback control (play, pause, rewind, fast-forward). 4. Saving the current view state as an image. 5. Basic data filtering options (e.g., color-based filtering for point clouds). 6. Integration of custom shaders for enhanced visual effects. Utilize the 'aitviewer' package to handle the loading, rendering, and interaction aspects of the 3D data. The application should leverage 'aitviewer' to provide real-time feedback and smooth performance during user interactions. Additionally, explore the use of 'aitviewer' for advanced features like multi-view rendering and support for different file formats commonly used in 3D data visualization.
💬 Discussion Feed
No discussion yet. Be the first to share your thoughts!
Report Abuse / Security Issue