ape-etherscan

v0.8.7 suspicious
5.0
Medium Risk

ape-etherscan: Etherscan Explorer Plugin for Ethereum-based networks

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package has a moderate risk score due to the high shell risk from subprocess execution without clear context. While other risks are low, the use of subprocess could potentially be exploited.

  • High shell risk due to subprocess execution
  • No clear definition or control over commands executed
Per-check LLM notes
  • Network: The network call to etherscan is expected and legitimate for fetching chain information.
  • Shell: The presence of subprocess execution without proper context suggests potential risk, especially if the commands executed are not clearly defined or controlled within the package.
  • Obfuscation: No obfuscation patterns detected, indicating low risk.
  • Credentials: No credential harvesting patterns detected, indicating low risk.
  • Metadata: The maintainer has only one package, which may indicate a new or less active account, but there are no other suspicious flags.

📦 Package Quality Overall: Medium (7.0/10)

✦ High Test Suite 9.0

Test suite present — 8 test file(s) found

  • Test runner config found: pyproject.toml
  • Test runner config found: conftest.py
  • 8 test file(s) detected (e.g. _utils.py)
◈ Medium Documentation 7.0

Some documentation present

  • 1 documentation file(s) (e.g. conf.py)
  • Detailed PyPI description (7356 chars)
○ Low Contributing Guide 4.0

No contributing guide or governance files found

  • Development Status classifier >= Beta
◈ Medium Type Annotations 5.0

Partial type annotation coverage

  • 67 type-annotated function signatures detected in source
✦ High Multiple Contributors 10.0

Active multi-contributor project

  • 24 unique contributor(s) across 100 commits in ApeWorX/ape-etherscan
  • Active community — 5 or more distinct contributors

🔬 Heuristic Checks

⚠ Outbound Network Calls score 1.5

Found 1 network call pattern(s)

  • rted_chains(): response = requests.get("https://api.etherscan.io/v2/chainlist") response.raise_
✓ Code Obfuscation

No obfuscation patterns detected

⚠ Shell / Subprocess Execution score 2.0

Found 1 shell execution pattern(s)

  • 03", # Subprocess without shell=True "S607", # Start process with partial path # St
✓ Credential Harvesting

No credential harvesting patterns detected

✓ Typosquatting

No typosquatting candidates detected

✓ Registered Email Domain

Email domain looks legitimate: apeworx.io

✓ Suspicious Page Links

All external links appear legitimate

✓ Git Repository History

Repository ApeWorX/ape-etherscan appears legitimate

⚠ Maintainer History score 2.0

1 maintainer concern(s) found

  • Author "ApeWorX Ltd." appears to have only 1 package on PyPI (new or inactive account)
✓ Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with ape-etherscan
Create a mini-application that serves as a personal Ethereum transaction tracker using the 'ape-etherscan' Python package. This application will allow users to input their Ethereum wallet address and retrieve detailed information about recent transactions associated with that address from the Etherscan API. Here's a breakdown of the project steps and features:

1. **Setup Project Environment**: Initialize a new Python project and install necessary packages including 'ape-etherscan'.
2. **User Interface Design**: Develop a simple CLI (Command Line Interface) or a basic web interface using Flask for users to input their Ethereum wallet address.
3. **API Integration**: Use 'ape-etherscan' to interact with the Etherscan API. Fetch and parse transaction data based on the provided Ethereum address.
4. **Data Display**: Present the retrieved transaction data in a user-friendly format. Include details such as transaction hash, timestamp, recipient address, amount transferred, and gas fees.
5. **Error Handling**: Implement error handling to manage cases where the entered address is invalid or if there are issues connecting to the Etherscan API.
6. **Optional Features**: Consider adding optional features like saving recent searches, filtering transactions by date or amount, and exporting transaction logs.
7. **Testing**: Ensure thorough testing of your application to verify functionality across different scenarios and Ethereum addresses.
8. **Documentation**: Provide clear documentation on how to use the application, including setup instructions and usage examples.

By following these steps and utilizing the 'ape-etherscan' package effectively, you'll create a valuable tool for anyone interested in tracking their Ethereum transactions easily.
