aniworld

v4.4.2 suspicious
6.0
Medium Risk

AniWorld-Downloader is a command-line tool for downloading and streaming movies and series.

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package exhibits significant obfuscation and shell execution risks, suggesting potential malicious intent. However, without concrete evidence of credential theft or clear supply-chain compromise indicators, the risk cannot be definitively classified as malicious.

  • High obfuscation risk
  • Potential unauthorized software installation via shell commands
Per-check LLM notes
  • Network: Network calls appear to be fetching resources which is common for many packages, but the URLs should be verified.
  • Shell: Executing shell commands to install packages on user systems suggests elevated risk as it may indicate unauthorized software installation.
  • Obfuscation: The code uses multiple layers of encoding and decoding, which is suspicious and likely intended to obscure the actual functionality.
  • Credentials: No clear patterns for harvesting credentials were detected, but caution is advised.
  • Metadata: The maintainer has a new or inactive account and lacks detailed author information, raising some suspicion but not conclusive evidence of malice.

📦 Package Quality Overall: Medium (6.4/10)

◈ Medium Test Suite 6.0

Partial test coverage signals detected

  • 2 test file(s) detected (e.g. test_aniworld_models.py)
◈ Medium Documentation 7.0

Some documentation present

  • Documentation URL: "documentation" -> https://readthedocs.org
  • Detailed PyPI description (11882 chars)
○ Low Contributing Guide 2.0

No contributing guide or governance files found

  • No CONTRIBUTING, CODE_OF_CONDUCT, or governance files found
◈ Medium Type Annotations 7.0

Partial type annotation coverage

  • Type checker (mypy / pyright / pytype) referenced in project
  • 45 type-annotated function signatures detected in source
✦ High Multiple Contributors 10.0

Active multi-contributor project

  • 15 unique contributor(s) across 100 commits in phoenixthrush/AniWorld-Downloader
  • Active community — 5 or more distinct contributors

🔬 Heuristic Checks

⚠ Outbound Network Calls score 3.0

Found 2 network call pattern(s)

  • try: resp = requests.get(url, headers=headers, timeout=5) resp.raise_for_
  • try: resp = requests.get(target, timeout=10, stream=True) resp.raise_for_
⚠ Code Obfuscation score 6.0

Found 3 obfuscation pattern(s)

  • s += "=" * pad return base64.b64decode(s) def _extract_file_code(url): """Extract the file co
  • lace("_", "") step3 = base64.b64decode(step2).decode() step4 = shift_back(step3, 3)
  • ack(step3, 3) step5 = base64.b64decode(step4[::-1]).decode() return json.loads(step5) e
⚠ Shell / Subprocess Execution score 10.0

Found 6 shell execution pattern(s)

  • rompt_user=False) subprocess.run( [ str(seven_zip_path),
  • == "Windows": subprocess.run( ["winget", "install", "-e", "--id", pkg
  • == "Darwin": subprocess.run(["brew", "install", pkg_name], check=True) else:
  • h("apt"): subprocess.run(["sudo", "apt", "update"], check=True) s
  • eck=True) subprocess.run( ["sudo", "apt", "install", "-y", pk
  • pacman"): subprocess.run(["sudo", "pacman", "-Sy", pkg_name], check=True)
✓ Credential Harvesting

No credential harvesting patterns detected

✓ Typosquatting

No typosquatting candidates detected

✓ Registered Email Domain

Email domain looks legitimate: phoenixthrush.com

✓ Suspicious Page Links

All external links appear legitimate

✓ Git Repository History

Repository phoenixthrush/AniWorld-Downloader appears legitimate

⚠ Maintainer History score 4.0

2 maintainer concern(s) found

  • Author name is missing or very short
  • Author "" appears to have only 1 package on PyPI (new or inactive account)
✓ Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with aniworld
Create a mini-application named 'AnimeStream' using the Python package 'aniworld'. This application will serve as a user-friendly interface for downloading and streaming anime movies and series directly from AniWorld. Here’s a step-by-step guide on how to develop this application:

1. **Setup Environment**: Begin by setting up a virtual environment for your project and installing the necessary packages including 'aniworld'. Ensure all dependencies are listed in a requirements.txt file.
2. **Application Structure**: Design a clean and organized structure for your project, including directories for source code, configuration files, and documentation.
3. **User Interface**: Develop a simple yet effective command-line interface (CLI) for users to interact with 'AnimeStream'. The CLI should allow users to search for anime titles, view available episodes, and download/stream them.
4. **Core Functionality**: Utilize the 'aniworld' package to implement the following core functionalities:
   - Search for anime titles based on keywords.
   - List available episodes for selected anime titles.
   - Download episodes directly to the user's device.
   - Stream episodes through a web-based player integrated into the CLI.
5. **Additional Features**:
   - Implement a feature that allows users to create and manage their watchlist.
   - Add support for subtitles in multiple languages.
   - Include a rating system where users can rate downloaded/streamed episodes.
6. **Testing & Debugging**: Thoroughly test the application to ensure all features work as expected. Address any bugs or issues encountered during testing.
7. **Documentation**: Write comprehensive documentation explaining how to install, configure, and use 'AnimeStream'. Include examples and best practices.
8. **Deployment**: Package the application so it can be easily installed and run on different systems. Consider deploying it to a platform like PyPI for wider distribution.

Remember to follow best coding practices throughout the development process, ensuring the code is clean, efficient, and maintainable.