anyweb

v0.6.2 suspicious
6.0
Medium Risk

CLI-first browser automation with platform intelligence

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package exhibits medium risk due to potential shell execution and obfuscation, which could mask malicious intent. However, there is no clear evidence of credential theft or severe network abuse.

  • High shell risk
  • Moderate obfuscation risk

Per-check LLM notes
  • Network: The detected network patterns suggest the package performs HTTP requests, which can be normal for web-related functionality but should be reviewed to confirm they are not unauthorized data transfer.
  • Shell: The shell execution patterns indicate that the package might be invoking external commands and installing additional software, which poses a higher risk of potential misuse or unintended behavior.
  • Obfuscation: The code uses obfuscation techniques which could be used to hide malicious activities, but it's not conclusive without more context.
  • Credentials: No clear signs of credential harvesting detected.
  • Metadata: The author has only one package and the git repository is not found, which raises some suspicion.

📦 Package Quality Overall: Low (4.4/10)

✦ High Test Suite 9.0

Test suite present — 11 test file(s) found

  • Test runner config found: pyproject.toml
  • 11 test file(s) detected (e.g. test_accessibility.py)

◈ Medium Documentation 5.0

Some documentation present

  • Detailed PyPI description (6846 chars)

○ Low Contributing Guide 2.0

No contributing guide or governance files found

  • No CONTRIBUTING, CODE_OF_CONDUCT, or governance files found

◈ Medium Type Annotations 5.0

Partial type annotation coverage

  • 185 type-annotated function signatures detected in source

○ Low Multiple Contributors 1.0

Could not retrieve contributor data from GitHub

  • GitHub API error: 404

🔬 Heuristic Checks

Outbound Network Calls score 6.0

Found 4 network call pattern(s)

  • try: async with aiohttp.ClientSession() as session: async with session.get(
  • y: async with aiohttp.ClientSession() as session: async with session.get(
  • ebsockets async with aiohttp.ClientSession() as session: async with session.get(
  • ohttp async with aiohttp.ClientSession() as session: try: async

Code Obfuscation score 2.0

Found 1 obfuscation pattern(s)

  • yweb.core.config.ANYWEB_DIR", __import__("pathlib").Path("/nonexistent")): with patch.dict(os.environ,

Shell / Subprocess Execution score 10.0

Found 6 shell execution pattern(s)

  • import subprocess subprocess.run(["tail", "-f", str(lp)]) return lines = lp.read
  • if pw_path: result = subprocess.run( ["playwright", "install", "--dry-run"],
  • )) else: result = subprocess.run( [sys.executable, "-m", "playwright", "install",
  • ht browsers...") result = subprocess.run( [sys.executable, "-m", "playwright", "install", "ch
  • start_url) proc = subprocess.Popen( cmd, stdout=subprocess.DEVN
  • try: out = subprocess.check_output(["ps", "-o", "rss=", "-p", str(pid)], text=True)

Credential Harvesting

No credential harvesting patterns detected

Typosquatting

No typosquatting candidates detected

Registered Email Domain

No author email provided

Suspicious Page Links

All external links appear legitimate

Git Repository History score 3.0

Repository not found (deleted or private)

  • Repository not found (deleted or private)

Maintainer History score 2.0

1 maintainer concern(s) found

  • Author "mixiaomi" appears to have only 1 package on PyPI (new or inactive account)

Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with anyweb

Your task is to develop a simple yet powerful web automation tool using the 'anyweb' package. This tool will be designed to automate the process of logging into a website and scraping specific data from it. The application should be named 'WebScraperBot' and it should be capable of handling multiple websites with different login mechanisms and data structures.

Step 1: Set up your development environment with Python installed and the 'anyweb' package.
Step 2: Create a CLI interface where users can input the URL of the target website, their login credentials, and specify which data they want to scrape.
Step 3: Implement functionality within 'WebScraperBot' that uses 'anyweb' to navigate through the website, fill out login forms, and handle CAPTCHAs or other security measures if present.
Step 4: Once logged in, the bot should navigate to the specified pages and extract the desired data, such as product prices, user reviews, or contact information.
Step 5: The scraped data should be stored locally in a structured format like CSV or JSON for further analysis.
Step 6: Enhance the tool by adding error handling and retry logic to deal with network issues or changes in the website structure.
Step 7: Add a feature that allows users to schedule regular runs of the scraper, perhaps using cron jobs or similar scheduling tools.

Suggested Features:
- Support for multiple login methods (e.g., username/password, OAuth).
- Dynamic form field detection to adapt to changing website layouts.
- Option to output scraped data directly to a database instead of a file.
- A user-friendly help guide within the CLI for common commands and troubleshooting tips.

How 'anyweb' is utilized:
- 'anyweb' simplifies the process of browser automation by providing intelligent platform support, meaning you don't need to write separate code for different operating systems or browsers. It handles the intricacies of web navigation and interaction, allowing you to focus on defining the workflow and data extraction logic.