anncsu-sdk

v0.0.9 suspicious
6.0
Medium Risk

ANNCSU Software Development Kit for API consumption

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package exhibits several concerning behaviors including potential insecure network calls and risky shell command execution, while also showing signs of low maintainer activity and poor metadata quality.

  • network risk due to unclear SSL verification
  • shell risk from executing non-sanitized commands
  • low maintainer activity and poor metadata quality
Per-check LLM notes
  • Network: The network call patterns indicate standard HTTP requests which could be part of normal SDK functionality, but the lack of context around 'follow_redirects' and 'verify_ssl' parameters raises some concern about potential insecure connections.
  • Shell: Executing shell commands like 'os.system("clear")' can be risky as it may lead to unintended behavior or security vulnerabilities, especially if not properly sanitized or controlled.
  • Obfuscation: No obfuscation patterns detected, indicating low risk.
  • Credentials: No credential harvesting patterns detected, indicating low risk.
  • Metadata: The package shows signs of low maintainer activity and poor metadata quality, raising some suspicion but not conclusive evidence of malice.

📦 Package Quality Overall: Medium (5.2/10)

◈ Medium Test Suite 6.0

Partial test coverage signals detected

  • Test runner config found: pyproject.toml
◈ Medium Documentation 5.0

Some documentation present

  • Detailed PyPI description (54218 chars)
✦ High Contributing Guide 9.0

Has contribution guidelines and governance files

  • Governance file: security.py
  • Governance file: security.py
◈ Medium Type Annotations 5.0

Partial type annotation coverage

  • 203 type-annotated function signatures detected in source
○ Low Multiple Contributors 1.0

Unable to verify contributor count: no GitHub repository found

  • No GitHub repository linked — contributor count unavailable

🔬 Heuristic Checks

Outbound Network Calls score 9.0

Found 6 network call pattern(s)

  • is None: client = httpx.Client(follow_redirects=True) client_supplied = False
  • e: async_client = httpx.AsyncClient(follow_redirects=True) async_client_supplied = F
  • access_token()) client = httpx.Client(verify=verify_ssl) return AnncsuConsultazione( s
  • access_token()) client = httpx.Client(verify=verify_ssl) # ModI pre-request hook (AUDIT_REST_
  • SSL verification client = httpx.Client(verify=verify_ssl) return AnncsuConsultazione(
  • SSL verification client = httpx.Client(verify=verify_ssl) # Create hooks with ModI pre-request
Code Obfuscation

No obfuscation patterns detected

Shell / Subprocess Execution score 2.0

Found 1 shell execution pattern(s)

  • if clear_screen: os.system("clear") # Output the token (use print instead of c
Credential Harvesting

No credential harvesting patterns detected

Typosquatting

No typosquatting candidates detected

Registered Email Domain

Email domain looks legitimate: geobeyond.it>

Suspicious Page Links

All external links appear legitimate

Git Repository History

No GitHub repository linked

  • No GitHub repository link found
Maintainer History score 6.0

3 maintainer concern(s) found

  • Author name is missing or very short
  • Author "" appears to have only 1 package on PyPI (new or inactive account)
  • Package has no PyPI classifiers (low effort / metadata quality)
Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with anncsu-sdk 
Create a weather forecast mini-application using the ANNCSU SDK in Python. This application will fetch real-time weather data from the ANNCSU API and display it in a user-friendly format. The core functionalities of the application include fetching current weather conditions, displaying hourly forecasts for the next 24 hours, and providing a 7-day summary forecast.

Step 1: Set up your development environment with Python and install the 'anncsu-sdk' package via pip.

Step 2: Obtain an API key from the ANNCSU website to authenticate requests to their API.

Step 3: Design a simple command-line interface where users can input a city name to retrieve weather information.

Step 4: Implement functions to make API calls using the 'anncsu-sdk'. Use these functions to get current weather conditions, hourly forecasts, and daily summaries.

Step 5: Parse the API responses to extract relevant weather details such as temperature, humidity, wind speed, and precipitation probability.

Step 6: Display the parsed data in a structured format on the command line. Include options for Celsius or Fahrenheit temperature units.

Suggested Features:
- Option to save historical weather data to a local file for future reference.
- Add graphical representation of weather trends using libraries like matplotlib.
- Implement error handling for invalid inputs or failed API calls.
- Allow users to set preferences for notification alerts based on specific weather conditions.

💬 Discussion Feed

Leave a comment

No discussion yet. Be the first to share your thoughts!