amg-player

v2026.5.16.1 suspicious
6.0
Medium Risk

Browse & play embedded tracks from Angry Metal Guy music reviews

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package exhibits a moderate level of risk due to its use of shell commands and obfuscation techniques, which could potentially be exploited for malicious purposes.

  • High shell risk due to uncontrolled execution
  • Significant obfuscation suggesting hidden intentions
Per-check LLM notes
  • Network: The use of network calls is common for downloading content, but the lack of clear documentation may raise suspicion.
  • Shell: Executing shell commands can be risky if not properly sanitized and controlled, especially if used to modify files or system settings.
  • Obfuscation: The use of base64 decoding and binary data suggests possible obfuscation to hide code logic or data, raising concern for potential malicious intent.
  • Credentials: No clear patterns indicative of credential harvesting were detected.
  • Metadata: The author has only one package, which might indicate a new or less active account, raising some suspicion but not conclusive evidence of malice.

📦 Package Quality Overall: Medium (5.6/10)

✦ High Test Suite 9.0

Test suite present - 3 test file(s) found

  • 3 test file(s) detected (e.g. __init__.py)
◈ Medium Documentation 5.0

Some documentation present

  • Detailed PyPI description (2928 chars)
○ Low Contributing Guide 4.0

No contributing guide or governance files found

  • Development Status classifier >= Beta
◈ Medium Type Annotations 5.0

Partial type annotation coverage

  • 61 type-annotated function signatures detected in source
◈ Medium Multiple Contributors 5.0

Limited contributor diversity

  • 1 unique contributor(s) across 100 commits in desbma/amg-player
  • Single author but highly active (100 commits)

🔬 Heuristic Checks

⚠ Outbound Network Calls score 1.5

Found 1 network call pattern(s)

  • ": USER_AGENT} response = requests.get(url, headers=headers, timeout=TCP_TIMEOUT, proxies=PROXY)
⚠ Code Obfuscation score 6.0

Found 3 obfuscation pattern(s)

  • self.assertIn(cover_data, base64.b64decode(tags["metadata_block_picture"][0])) self.assertTrue(
  • data = b"\xff\xd8\xff\xdb\x00C\x00\x03\x02\x02\x02\x02\x02\x03\x02\x02\x02\x03\x03\x03\x03\x04\x06\x04\x04\x04\x04\x04\x08\x06\x06\x05\x06\t\x08\n\n\t\x08\t\t\n\x0c\x0f\x0c\n\x0b\x0e\x0b\t\t\r\x11\r
  • 11\r\x0e\x0f\x10\x10\x11\x10\n\x0c\x12\x13\x12\x10\x13\x0f\x10\x10\x10\xff\xc9\x00\x0b\x08\x00\x01\x00\x01\x01\x01\x11\x00\xff\xcc\x00\x06\x00\x10\x10\x05\xff\xda\x00\x08\x01\x01\x00\x00?\x00\xd2\xcf \xff\xd9" review = amg.ReviewMetadata(
⚠ Shell / Subprocess Execution score 10.0

Found 5 shell execution pattern(s)

  • : {shlex.join(cmd)}") subprocess.run(cmd, check=True, cwd=tmp_dir) return merged_filepath
  • tend(track_filepaths) subprocess.run(rsgain_cmd, check=True) # move tracks cur_u
  • .join(cmd)}") subprocess.run(cmd, check=True) else: for track_url in track_u
  • )}") dl_process = subprocess.Popen(cmd_dl, stdout=subprocess.PIPE, stderr=subprocess.DEVNULL)
  • hlex.join(cmd)}") subprocess.run(cmd, check=True, stdin=dl_process.stdout) def cl_main():
✓ Credential Harvesting

No credential harvesting patterns detected

✓ Typosquatting

No typosquatting candidates detected

✓ Registered Email Domain

No author email provided

✓ Suspicious Page Links

All external links appear legitimate

✓ Git Repository History

Repository desbma/amg-player appears legitimate

⚠ Maintainer History score 2.0

1 maintainer concern(s) found

  • Author "desbma" appears to have only 1 package on PyPI (new or inactive account)
✓ Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with amg-player
Create a mini-application called 'MetalReviewPlayer' using the Python package 'amg-player'. This application will allow users to browse through metal music reviews written by Angry Metal Guy and play embedded audio tracks directly within the app. Here's a step-by-step guide on how to develop this application:

1. **Setup Environment**: Begin by setting up your Python environment and installing the 'amg-player' package. Ensure you have all necessary dependencies installed.
2. **Application Structure**: Design the basic structure of the application. It should include a main menu where users can choose between browsing reviews or playing tracks.
3. **Integration with 'amg-player'**: Utilize the 'amg-player' package to fetch reviews and their embedded audio tracks. Implement functions to display the list of available reviews and to play selected tracks.
4. **User Interface**: Develop a simple but effective command-line interface (CLI) for interacting with the application. Consider adding options for filtering reviews by genre, year, or keyword.
5. **Enhanced Features**: Optionally, implement additional features such as saving favorite reviews, viewing detailed information about each track, or even downloading tracks (if permissions allow).
6. **Testing and Validation**: Thoroughly test the application to ensure smooth functionality and user experience. Validate that all links work correctly and that the player can handle different types of audio files.
7. **Documentation and Deployment**: Write documentation for the application, explaining how to install it, use its features, and troubleshoot common issues. Finally, deploy the application so it can be easily accessed by other metal enthusiasts.

This project aims to provide a comprehensive tool for metal music fans to explore new tracks and enjoy reviews from one of the most respected voices in heavy metal.
