AI Analysis
Final verdict: SUSPICIOUS
The package shows moderate risk due to potential obfuscation techniques and incomplete maintainer information, though there are no direct signs of malicious activity.
- Obfuscation risk indicated by use of MiniRacer and eval
- Incomplete maintainer information
Per-check LLM notes
- Network: The observed network calls seem to be typical for fetching data from APIs and web scraping, which aligns with the package's likely purpose of retrieving financial or other types of data.
- Shell: No shell execution patterns were detected.
- Obfuscation: The use of MiniRacer and eval on file_data suggests code execution from strings, which is often used for obfuscation or to bypass certain security checks.
- Credentials: No clear signs of credential harvesting were detected, but the presence of a static app_id might indicate that it's being used as part of an API key or similar.
- Metadata: The maintainer information is incomplete and the author seems new or inactive, but no typosquatting or suspicious HTTPS links suggest high risk.
Package Quality Overall: Low (3.8/10)
○ Low
Test Suite
1.0
No test suite detected
No test files or test-runner configuration detected
◈ Medium
Documentation
5.0
Some documentation present
Detailed PyPI description (9798 chars)
○ Low
Contributing Guide
2.0
No contributing guide or governance files found
No CONTRIBUTING, CODE_OF_CONDUCT, or governance files found
◈ Medium
Type Annotations
5.0
Partial type annotation coverage
81 type-annotated function signatures detected in source
◈ Medium
Multiple Contributors
6.0
Limited contributor diversity
2 unique contributor(s) across 100 commits in akfamily/akshareTwo distinct contributors found
Heuristic Checks
Outbound Network Calls
score 9.0
Found 6 network call pattern(s)
/api/hour/130000.xml" r = requests.get(url) soup = BeautifulSoup(r.content, features="xml")"DAY", } r = requests.get(url, params=params) temp_df = pd.read_html(StringIO(Safari/537.36" } r = requests.post(url, data=payload, headers=headers) data_text = r.textencode_param", need)} r = requests.post(url, data=params, headers=headers) temp_text = ctx.call("DAY", } r = requests.get(url, params=params) return pd.read_html(StringIO(r.tMONTH", } r = requests.get(url, params=params) return pd.read_html(StringIO(r.t
Code Obfuscation
score 8.0
Found 4 obfuscation pattern(s)
ctx = MiniRacer() ctx.eval(file_data) method = "GETCITYPOINTAVG" city_param = cctx = MiniRacer() ctx.eval(file_data) app_id = "4f0e3a273d547ce6b7147bfa7ceb4b6e"TYPERIOD" timestamp = ctx.eval("timestamp = new Date().getTime()") p_text = json.dumps(info("cninfo.js") js_code.eval(js_content) mcode = js_code.call("getResCode1") head
Shell / Subprocess Execution
No shell execution patterns detected
Credential Harvesting
No credential harvesting patterns detected
Typosquatting
No typosquatting candidates detected
Registered Email Domain
Email domain looks legitimate: gmail.com>
Suspicious Page Links
score 10.0
Found 22 suspicious link(s) on the package page
Non-HTTPS external link: http://mirrors.aliyun.com/pypi/simple/Non-HTTPS external link: http://data.eastmoney.comNon-HTTPS external link: http://www.100ppi.com/Non-HTTPS external link: http://www.nafmii.org.cn/Non-HTTPS external link: http://www.99qh.com/Non-HTTPS external link: http://www.chinamoney.com.cn/chinese/
Git Repository History
Repository akfamily/akshare appears legitimate
Maintainer History
score 4.0
2 maintainer concern(s) found
Author name is missing or very shortAuthor "" appears to have only 1 package on PyPI (new or inactive account)
Known CVE Vulnerabilities
No known vulnerabilities found in OSV database.
AI App Starter Prompt
Use this prompt to build a project with akshare
Create a financial dashboard mini-app using Python's 'akshare' package. This app will provide users with real-time stock market data, including stock prices, volume, and historical data analysis. The primary goal of this project is to enable users to monitor their investment portfolios efficiently and make informed decisions based on current market trends. ### Project Features: - **Real-Time Stock Prices**: Display real-time stock prices for a list of selected stocks. - **Volume Analysis**: Show trading volumes over time to identify trends and patterns. - **Historical Data Visualization**: Provide charts and graphs for historical price data, allowing users to analyze past performance. - **Portfolio Management**: Allow users to input their own portfolio details and track the overall value of their investments. - **Alert System**: Implement an alert system that notifies users via email or SMS when specific conditions are met (e.g., price drops below a certain threshold). ### Utilization of 'akshare': - Use 'akshare' to fetch real-time stock prices and historical data. For example, use `ak.stock_zh_a_daily` to get daily stock data from Chinese markets. - Integrate 'akshare' functions to dynamically update the dashboard with the latest information, ensuring users always have access to up-to-date market data. - Leverage 'akshare' for its extensive financial data coverage, including but not limited to stock prices, indices, and futures. ### Development Steps: 1. Set up your development environment with Python and install necessary libraries including 'akshare'. 2. Design the user interface, focusing on clarity and ease-of-use. 3. Implement backend functionality using 'akshare' to fetch and process financial data. 4. Develop visualization components to present data effectively. 5. Add interactive elements like sliders or dropdowns to allow users to customize their view. 6. Test the application thoroughly to ensure reliability and accuracy of data. 7. Deploy the application so it can be accessed by users either locally or online.
💬 Discussion Feed
No discussion yet. Be the first to share your thoughts!
Report Abuse / Security Issue