animaworks

v0.8.0 suspicious
6.0
Medium Risk

AnimaWorks - Digital Anima Framework with library-type memory

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package exhibits significant network and shell execution risks, which could potentially be exploited for malicious activities. However, the lack of obfuscation and credential harvesting patterns slightly mitigates these concerns.

  • High network risk due to external service calls
  • High shell risk due to Popen usage
Per-check LLM notes
  • Network: The package makes network calls to external services which could be used for unexpected purposes like data exfiltration or command and control communications.
  • Shell: Execution of arbitrary commands via Popen suggests potential for executing harmful scripts or commands on the user's system.
  • Obfuscation: No obfuscation patterns detected, indicating low risk.
  • Credentials: No credential harvesting patterns detected, indicating low risk.
  • Metadata: The maintainer's author information is incomplete, and the account seems new or inactive, raising some suspicion.

📦 Package Quality Overall: Medium (5.6/10)

◈ Medium Test Suite 6.0

Partial test coverage signals detected

  • Test runner config found: pyproject.toml
◈ Medium Documentation 7.0

Some documentation present

  • Documentation URL: "Documentation" -> https://github.com/xuiltul/animaworks#readme
  • Detailed PyPI description (28427 chars)
○ Low Contributing Guide 4.0

No contributing guide or governance files found

  • Development Status classifier >= Beta
◈ Medium Type Annotations 5.0

Partial type annotation coverage

  • 488 type-annotated function signatures detected in source
◈ Medium Multiple Contributors 6.0

Limited contributor diversity

  • 2 unique contributor(s) across 100 commits in xuiltul/animaworks
  • Two distinct contributors found

🔬 Heuristic Checks

Outbound Network Calls score 9.0

Found 6 network call pattern(s)

  • ons.""" try: with socket.create_connection((host, port), timeout=1): return True except
  • (h, p): try: with socket.create_connection((h, p), timeout=1): return True except OSErr
  • try: response = requests.post(f"{gateway_url}/api/animas/{args.anima}/restart", timeout=30
  • try: response = requests.post( f"{gateway_url}/api/animas/reload-all",
  • try: response = requests.post( f"{gateway_url}/api/animas/{args.anima}/reload"
  • anima response = requests.get(f"{gateway_url}/api/animas/{args.anima}", timeout=10.0)
Code Obfuscation

No obfuscation patterns detected

Shell / Subprocess Execution score 10.0

Found 6 shell execution pattern(s)

  • ) # noqa: SIM115 proc = subprocess.Popen( cmd, stdout=log_file, stderr=subpro
  • ...") try: proc = subprocess.Popen(cmd, cwd={project_root!r}, **subprocess_session_kwargs())
  • ) # noqa: SIM115 proc = subprocess.Popen( [sys.executable, "-c", helper_code], stdout
  • lure.""" try: r = subprocess.run( cmd, capture_output=True,
  • s True on success.""" r = subprocess.run( ["pip3", "install", "--break-system-packages", "--q
  • return False r = subprocess.run( ["claude", "update"], capture_output=True,
Credential Harvesting

No credential harvesting patterns detected

Typosquatting

No typosquatting candidates detected

Registered Email Domain

No author email provided

Suspicious Page Links score 2.0

Found 1 suspicious link(s) on the package page

  • Non-HTTPS external link: http://HOST/setup/`.
Git Repository History

Repository xuiltul/animaworks appears legitimate

Maintainer History score 4.0

2 maintainer concern(s) found

  • Author name is missing or very short
  • Author "" appears to have only 1 package on PyPI (new or inactive account)
Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with animaworks 
Create a digital animation studio mini-app using the Python package 'animaworks'. This app will allow users to create and manipulate simple 2D animations with features such as frame creation, layer management, and basic transformation tools like scaling, rotating, and translating objects. Additionally, the app should support importing and exporting animations in common formats like GIF and SVG.

Steps to Build the App:
1. **Setup Environment**: Ensure you have Python installed and set up a virtual environment. Install the 'animaworks' package via pip.
2. **Design the User Interface**: Use a Python GUI framework like PyQt or Tkinter to design the main interface of the app. The interface should include sections for the canvas where animations are displayed, a timeline for managing frames, and controls for editing layers and transformations.
3. **Implement Core Features**:
   - **Frame Creation**: Allow users to add new frames to their animations.
   - **Layer Management**: Enable adding, removing, and reordering layers within frames.
   - **Transformations**: Provide tools for scaling, rotating, and translating objects on each layer.
4. **Utilize 'animaworks' Package**: Use 'animaworks' to handle the underlying logic of storing and manipulating the animations. The package's library-type memory feature should be leveraged to efficiently manage the state of animations across different frames and layers.
5. **Export Animations**: Implement functionality to export completed animations into GIF and SVG formats.
6. **Testing and Debugging**: Test all features thoroughly to ensure smooth operation and fix any bugs.
7. **Documentation**: Write documentation explaining how to use the app and provide examples of creating simple animations.

Suggested Features:
- Support for importing images and shapes into layers.
- Timeline scrubbing to preview animations at different points.
- Keyframe interpolation for smooth transitions between frames.
- A playback feature to view animations in real-time.

By following these steps and utilizing the capabilities provided by the 'animaworks' package, you'll develop a versatile and user-friendly digital animation studio mini-app.

💬 Discussion Feed

Leave a comment

No discussion yet. Be the first to share your thoughts!