🤖 AI Analysis

Final verdict: SUSPICIOUS

The package has some network-related risks due to potential unauthorized data transfers, despite legitimate API interactions. Additionally, metadata concerns arise from suspicious links and a single-package author, raising suspicion about supply-chain integrity.

Potential unauthorized data transfer via network calls
Suspicious metadata with non-HTTPS links and a single-package author

Per-check LLM notes

Network: The detection of network calls using requests.Session() may indicate legitimate API interaction but requires further investigation to ensure there is no unauthorized data transfer.
Shell: No shell execution patterns were detected, suggesting a low risk of direct system command injection.
Obfuscation: No obfuscation patterns detected, indicating low risk.
Credentials: No credential harvesting patterns detected, indicating low risk.
Metadata: Suspicious non-HTTPS links and an author with a single package suggest potential risk.

📦 Package Quality Overall: Low (2.8/10)

○ Low Test Suite 1.0

No test suite detected

No test files or test-runner configuration detected

◈ Medium Documentation 5.0

Some documentation present

Detailed PyPI description (4005 chars)

○ Low Contributing Guide 2.0

No contributing guide or governance files found

No CONTRIBUTING, CODE_OF_CONDUCT, or governance files found

○ Low Type Annotations 1.0

No type annotations detected

No type annotations, py.typed marker, or stub files detected

◈ Medium Multiple Contributors 5.0

Limited contributor diversity

1 unique contributor(s) across 82 commits in helloyie/akshare-proxy-patch
Single author but highly active (82 commits)

🔬 Heuristic Checks

⚠ Outbound Network Calls score 1.5

Found 1 network call pattern(s)

ssion.request _auth_session = requests.Session() class AuthCache: def __init__(self): self.da

✓ Code Obfuscation

No obfuscation patterns detected

✓ Shell / Subprocess Execution

No shell execution patterns detected

✓ Credential Harvesting

No credential harvesting patterns detected

✓ Typosquatting

No typosquatting candidates detected

✓ Registered Email Domain

Email domain looks legitimate: gmail.com>

⚠ Suspicious Page Links score 4.0

Found 2 suspicious link(s) on the package page

Non-HTTPS external link: http://127.0.0.1:8080/`
Non-HTTPS external link: http://101.201.173.125:47001/api/akshare-auth?token=XXX&version=0.4.1

✓ Git Repository History

Repository helloyie/akshare-proxy-patch appears legitimate

⚠ Maintainer History score 2.0

1 maintainer concern(s) found

Author "cheapproxy.net" appears to have only 1 package on PyPI (new or inactive account)

✓ Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with akshare-proxy-patch

构建一个名为 'StockWatcher' 的小型股票监控应用程序。该应用将利用 'akshare-proxy-patch' 包来增强数据获取功能，特别是通过东方财富网接口获取实时股票行情数据时的代理支持。用户应能够通过命令行界面输入股票代码，然后程序会显示该股票的最新市场行情，包括但不限于价格、成交量和市值。

具体步骤如下：
1. 安装必要的Python库，包括 'akshare-proxy-patch', 'pandas', 和 'requests'.
2. 使用 'akshare-proxy-patch' 自动为东方财富网接口添加代理认证头，确保数据获取过程中的稳定性。
3. 编写函数来处理用户输入的股票代码，并调用 'akshare-proxy-patch' 提供的API来获取相关股票的数据。
4. 将获取到的数据进行清洗和格式化，以便于展示。
5. 实现一个简单的命令行界面，允许用户输入股票代码并查看其最新市场行情。
6. 添加错误处理机制，当输入无效的股票代码或网络请求失败时，向用户提供友好的错误提示信息。
7. 可选地，可以增加功能如定时刷新数据、保存历史数据记录等。

该应用的核心在于 'akshare-proxy-patch' 能够自动处理代理认证问题，使得开发者无需担心复杂的代理配置，即可专注于实现核心功能。