AI Analysis
Final verdict: SUSPICIOUS
The package exhibits moderate risk due to potential obfuscation techniques and the use of os.system() which could pose a security threat if misused.
- High obfuscation risk
- Use of os.system()
Per-check LLM notes
- Network: No network calls detected, which is normal for most packages.
- Shell: Use of os.system() can be risky if not properly sanitized or used with user input, potentially allowing execution of arbitrary commands.
- Obfuscation: The presence of base64 decoding and zlib decompression without clear purpose suggests potential obfuscation to hide code logic.
- Credentials: No explicit credential harvesting patterns detected, but further investigation is recommended.
- Metadata: The maintainer's author name is missing and the account seems new or inactive, which raises some suspicion but not enough to conclusively determine malice.
Package Quality Overall: Low (3.6/10)
- Test Suite: 1.0 (○ Low). No test suite detected: no test files or test-runner configuration detected.
- Documentation: 5.0 (◈ Medium). Some documentation present: detailed PyPI description (7322 chars).
- Contributing Guide: 2.0 (○ Low). No contributing guide or governance files found: no CONTRIBUTING, CODE_OF_CONDUCT, or governance files found.
- Type Annotations: 5.0 (◈ Medium). Partial type annotation coverage: 934 type-annotated function signatures detected in source.
- Multiple Contributors: 5.0 (◈ Medium). Limited contributor diversity: 1 unique contributor(s) across 22 commits in wavenumber-eng/altium_monkey. Single author but highly active (22 commits).
Heuristic Checks
Outbound Network Calls
No suspicious network call patterns found
Code Obfuscation
score 10.0
Found 5 obfuscation pattern(s)
Matched snippets (truncated by the scanner):
- `a\n" _TINY_TRANSPARENT_PNG = base64.b64decode( "iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAQAAAC1HAwCAAAAC0lEQ`
- `return b"" return base64.b64decode(text) def _write_bytes_child( element: etree._Elem`
- `try: return zlib.decompress(self.compressed_data) except Exception as e:`
- `_ZLIB_PREFIX: return zlib.decompress(data[1:]) return data def _decode_metadata_string(`
- `es: try: return zlib.decompress(payload) except zlib.error: return bytes(paylo`
Shell / Subprocess Execution
score 10.0
Found 5 shell execution pattern(s)
Matched snippets (truncated by the scanner):
- `path}"' result = os.system(cmd) if result != 0: log.error`
- `tium. Uses os.system() with cmd.exe to reliably handle the pipe character:`
- `Exit code from os.system() (0 = success) """ script_project = Path(`
- `nd: {cmd}") return os.system(cmd) def open(self, file_path: str | Path) -> bool:`
- `try: result = subprocess.run( ["taskkill", "/F", "/IM", "X2.EXE"],`
Credential Harvesting
No credential harvesting patterns detected
Typosquatting
No typosquatting candidates detected
Registered Email Domain
Email domain looks legitimate: wavenumber.net
Suspicious Page Links
All external links appear legitimate
Git Repository History
Repository wavenumber-eng/altium_monkey appears legitimate
Maintainer History
score 4.0
2 maintainer concern(s) found
- Author name is missing or very short
- Author "" appears to have only 1 package on PyPI (new or inactive account)
Known CVE Vulnerabilities
No known vulnerabilities found in OSV database.
AI App Starter Prompt
Use this prompt to build a project with altium-monkey
Create a Python-based utility named 'Altium File Manager' that leverages the 'altium-monkey' package to streamline the management of Altium design files. This tool will allow users to perform various operations on their PCB designs, such as copying specific components from one file to another, merging multiple PCB files into a single comprehensive design, and generating a report detailing all components used across multiple projects.
Step 1: Set up your development environment with Python installed and the 'altium-monkey' package imported.
Step 2: Design a simple command-line interface where users can select from a menu of options such as 'Copy Components', 'Merge Designs', and 'Generate Report'.
Step 3: Implement the 'Copy Components' feature which allows users to specify a source and destination file, then select components by name or type to copy over.
Step 4: Develop the 'Merge Designs' functionality enabling users to combine multiple PCB files into a single project, ensuring no component names clash.
Step 5: Create the 'Generate Report' function that outputs a CSV file listing all unique components used across specified files, including quantity and type.
Step 6: Add error handling to manage potential issues like file not found errors or component naming conflicts.
Step 7: Test the application thoroughly with different scenarios to ensure reliability and accuracy.
Step 8: Document the code with comments explaining each section and provide a README.md file outlining setup instructions and usage examples.
The 'altium-monkey' package is utilized throughout the project for parsing and manipulating Altium files. Specifically, it is used to read in PCB designs, extract components, handle file paths, and write out modified designs or reports.