alignn

v2026.5.20 suspicious
5.0
Medium Risk

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package shows signs of potential risks due to its use of shell commands and unconventional code formatting, although there is no strong evidence of malicious intent.

  • High shell risk due to use of os.system and subprocess
  • Unusual code formatting possibly indicating obfuscation

Per-check LLM notes
  • Network: The network calls seem to be fetching necessary resources, which is common for packages that require external datasets or models.
  • Shell: Use of os.system and subprocess indicates the package might execute commands on the host system, which could pose a risk if not properly sanitized or controlled.
  • Obfuscation: The code appears to be using standard practices for setting up models in PyTorch, with some unusual formatting that may indicate obfuscation but is not strongly indicative of malicious intent.
  • Credentials: No patterns suggesting credential harvesting were detected.

📦 Package Quality Overall: Low (3.6/10)

○ Low Test Suite 1.0

No test suite detected

  • No test files or test-runner configuration detected

◈ Medium Documentation 5.0

Some documentation present

  • Detailed PyPI description (7158 chars)

○ Low Contributing Guide 2.0

No contributing guide or governance files found

  • No CONTRIBUTING, CODE_OF_CONDUCT, or governance files found

◈ Medium Type Annotations 5.0

Partial type annotation coverage

  • 109 type-annotated function signatures detected in source

◈ Medium Multiple Contributors 5.0

Limited contributor diversity

  • 1 unique contributor(s) across 100 commits in atomgptlab/alignn
  • Single author but highly active (100 commits)

🔬 Heuristic Checks

Outbound Network Calls score 3.0

Found 2 network call pattern(s)

  • est_path): response = requests.get(url, stream=True) total_size_in_bytes = int(response
  • ile(path): response = requests.get(url, stream=True) total_size_in_bytes = int(response

Code Obfuscation score 10.0

Found 6 obfuscation pattern(s)

  • elf.device) model.eval() self.model = model else: m
  • ) ) ff_model.eval() ff_model.to(self.device) self.ff_model = f
  • ) prop_model.eval() prop_model.to(self.device) self.prop_model
  • ): self.model = model.eval().to(device).to(dtype) self.Z = np.asarray(atomic_nu
  • dict(state) model.eval() specs.append( PropertySpec(
  • ate_dict(state) model.eval() self._models[name] = model return model

Shell / Subprocess Execution score 10.0

Found 5 shell execution pattern(s)

  • om/txie-93/cgcnn.git" os.system(cmd) cwd = os.getcwd() os.chdir(cgcnn_folder) lo
  • ts("atom_init.json"): os.system(cmd) f = open("id_prop.csv", "w") for i in dataset:
  • + local_name ) os.system(cmd) os.chdir(cwd) t2 = time.time() print("Time:
  • try: VERSION = ( subprocess.check_output(["git", "rev-parse", "HEAD"]).decode().strip() ) except
  • _path, "w") as f: p = subprocess.run(cmd, stdout=f, stderr=subprocess.STDOUT) return p.return

Credential Harvesting

No credential harvesting patterns detected

Typosquatting

No typosquatting candidates detected

Registered Email Domain

Email domain looks legitimate: nist.gov

Suspicious Page Links

All external links appear legitimate

Git Repository History

Repository atomgptlab/alignn appears legitimate

Maintainer History score 2.0

1 maintainer concern(s) found

  • Author "Kamal Choudhary, Brian DeCost" appears to have only 1 package on PyPI (new or inactive account)

Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with alignn
Create a Python-based molecular alignment and analysis tool using the 'alignn' package. This tool will allow users to input molecular structures and analyze them based on their alignment and structural properties. Here's a detailed breakdown of the project requirements:

1. **Project Overview**: Develop a command-line interface (CLI) application that accepts molecular structure files (e.g., .mol, .sdf) as inputs and performs alignment and analysis tasks.
2. **Features**:
   - **Molecule Input**: Allow users to upload one or multiple molecular structure files.
   - **Alignment**: Use 'alignn' to perform structural alignment of molecules, finding the best match between them based on geometric and topological similarities.
   - **Analysis**: Provide detailed analysis of aligned molecules, including but not limited to bond lengths, angles, and torsions.
   - **Visualization**: Integrate a simple visualization component to display aligned molecules side-by-side or overlaid for comparison.
   - **Output**: Generate a report summarizing the alignment results, key differences, and similarities between the molecules.
3. **Implementation Steps**:
   - Step 1: Set up your development environment with Python and install necessary packages including 'alignn'.
   - Step 2: Design the CLI interface allowing file uploads and specifying alignment options.
   - Step 3: Implement the alignment functionality using 'alignn', ensuring it supports various molecular file formats.
   - Step 4: Develop the analysis module to extract meaningful data from the aligned structures.
   - Step 5: Create visual representations of the aligned molecules using a plotting library such as Matplotlib or Plotly.
   - Step 6: Generate a comprehensive output report detailing the alignment process and findings.
4. **Utilization of 'alignn'**: The 'alignn' package will be crucial for performing the alignment task. Users should be able to choose different alignment methods provided by 'alignn' to suit their specific needs, such as global or local alignments. Additionally, leverage 'alignn' for any additional functionalities like scoring alignments or generating alignment matrices.

Your goal is to create a versatile and user-friendly tool that can be easily integrated into existing workflows for molecular scientists and researchers.
