aorta-sirius

v0.131 suspicious
6.0
Medium Risk

(No description)

πŸ€– AI Analysis

Final verdict: SUSPICIOUS

The package exhibits moderate risk due to its network behavior and metadata indicators. While there is no direct evidence of malicious activity, the lack of description and potential insecure network practices raise concerns.

  • Network risk due to unverified SSL connections
  • Suspicious metadata including inactive maintainer account
Per-check LLM notes
  • Network: The package makes network calls to PyPI and uses HTTPX with an unverified SSL connection, which could be a security risk.
  • Shell: No shell execution patterns were detected.
  • Obfuscation: No obfuscation patterns detected, indicating low risk of malicious intent.
  • Credentials: No credential harvesting patterns detected, indicating low risk of secret theft.
  • Metadata: The maintainer's new or inactive account and lack of PyPI classifiers suggest low effort, which may indicate potential risk.

πŸ“¦ Package Quality Overall: Low (3.0/10)

β—‹ Low Test Suite 1.0

No test suite detected

  • No test files or test-runner configuration detected
β—‹ Low Documentation 1.0

No documentation detected

  • No documentation URL, doc files, or meaningful description found
β—ˆ Medium Contributing Guide 7.0

Some contribution signals present

  • Governance file: security.py
β—ˆ Medium Type Annotations 5.0

Partial type annotation coverage

  • 140 type-annotated function signatures detected in source
β—‹ Low Multiple Contributors 1.0

Could not retrieve contributor data from GitHub

  • GitHub API error: 404

πŸ”¬ Heuristic Checks

⚠ Outbound Network Calls score 6.0

Found 4 network call pattern(s)

  • nse response: Response = requests.get(f"https://pypi.org/pypi/{get_package_name()}/json") asse
  • httpx.AsyncClient] = lambda: httpx.AsyncClient(timeout=httpx.Timeout(connect=5.0, read=read_timeout, write=
  • rl) _session.client = httpx.AsyncClient(verify=False, timeout=60) return _session class IBKRE
  • # } # # async with httpx.AsyncClient() as client: # response: httpx._models.Response = aw
βœ“ Code Obfuscation

No obfuscation patterns detected

βœ“ Shell / Subprocess Execution

No shell execution patterns detected

βœ“ Credential Harvesting

No credential harvesting patterns detected

βœ“ Typosquatting

No typosquatting candidates detected

βœ“ Registered Email Domain

Email domain looks legitimate: kih.com.sg

βœ“ Suspicious Page Links

All external links appear legitimate

⚠ Git Repository History score 3.0

Repository not found (deleted or private)

  • Repository not found (deleted or private)
⚠ Maintainer History score 4.0

2 maintainer concern(s) found

  • Author "Kavindu Athaudha" appears to have only 1 package on PyPI (new or inactive account)
  • Package has no PyPI classifiers (low effort / metadata quality)
βœ“ Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

πŸ’‘ AI App Starter Prompt

Use this prompt to build a project with aorta-sirius 
Develop a small yet impactful project using the Python package 'aorta-sirius'. Although the package lacks a formal description, let's assume it offers tools for processing and analyzing astronomical data. Your task is to create a mini-application called 'StellarExplorer' which allows users to input coordinates of celestial objects and retrieve key information about them. The application should be able to handle basic queries like star brightness, distance from Earth, and constellation location.

Here’s a step-by-step guide on what your StellarExplorer should do:
1. **User Interface**: Design a simple command-line interface where users can enter the celestial object's name or coordinates.
2. **Data Retrieval**: Use 'aorta-sirius' to fetch data based on user inputs. Ensure you're utilizing its core functionalities effectively for data processing.
3. **Output Information**: Display relevant information about the celestial object, including but not limited to its magnitude, distance from Earth, and its constellation.
4. **Additional Features**:
   - Implement error handling for invalid inputs.
   - Allow users to save their search history.
   - Provide options to visualize the position of the celestial object in the sky (using external libraries if necessary).
5. **Documentation**: Write clear documentation explaining how to use the application and any dependencies required.

Remember, the goal is to demonstrate proficiency in using 'aorta-sirius' while building a useful tool for astronomy enthusiasts.