apsi

v0.2.3 suspicious
4.0
Medium Risk

Python wrapper for labeled and unlabeled asymmetric private set intersection (APSI).

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package exhibits some suspicious characteristics, particularly regarding the author's metadata and shell execution risks, but lacks clear evidence of malicious intent.

  • Suspicious TLD in author's email domain
  • Potential risks associated with shell command execution

Per-check LLM notes

  • Network: Network calls are used to download necessary files, which is common and not inherently suspicious.
  • Shell: Shell execution patterns are likely part of the build process for integrating external dependencies like vcpkg, but warrant closer inspection to ensure commands are benign.
  • Obfuscation: No obfuscation patterns detected, indicating low risk of malicious obfuscation.
  • Credentials: No credential harvesting patterns detected, indicating low risk of malicious credential theft.
  • Metadata: The author has a single package and the email domain uses a suspicious TLD, raising some concern.

📦 Package Quality Overall: Medium (6.6/10)

✦ High Test Suite 9.0

Test suite present — 3 test file(s) found

  • Test runner config found: conftest.py
  • 3 test file(s) detected (e.g. conftest.py)

◈ Medium Documentation 5.0

Some documentation present

  • Detailed PyPI description (3328 chars)

○ Low Contributing Guide 4.0

No contributing guide or governance files found

  • Development Status classifier >= Beta

◈ Medium Type Annotations 7.0

Partial type annotation coverage

  • Classifier: Typing :: Typed
  • 31 type-annotated function signatures detected in source

✦ High Multiple Contributors 8.0

Active multi-contributor project

  • 3 unique contributor(s) across 83 commits in LGro/PyAPSI
  • Small but multi-author team (3–4 contributors)

🔬 Heuristic Checks

Outbound Network Calls score 3.0

Found 2 network call pattern(s)

  • g from {zip_url}...") urllib.request.urlretrieve(zip_url, zip_path) extract_dir = os.path.jo
  • } from {tar_url}...") urllib.request.urlretrieve(tar_url, tar_path) print(f"Extracting APSI

Code Obfuscation

No obfuscation patterns detected

Shell / Subprocess Execution score 8.0

Found 4 shell execution pattern(s)

  • ning vcpkg bootstrap...") subprocess.check_call([bootstrap_script], cwd=extract_dir) vcpkg_exec = os.pa
  • pkg_src_dir, "vcpkg.exe") subprocess.check_call([vcpkg_exec, "install", "--triplet", triplet] + deps, cwd=vc
  • makedirs(build_temp) subprocess.check_call(["cmake", ext.sourcedir] + cmake_args, cwd=build_temp)
  • args, cwd=build_temp) subprocess.check_call(["cmake", "--build", "."] + build_args, cwd=build_temp) se

Credential Harvesting

No credential harvesting patterns detected

Typosquatting

No typosquatting candidates detected

Registered Email Domain score 3.0

Suspicious email domain flags:

  • Email uses suspicious TLD: grossberger.xyz

Suspicious Page Links

All external links appear legitimate

Git Repository History

Repository LGro/PyAPSI appears legitimate

Maintainer History score 2.0

1 maintainer concern(s) found

  • Author "Lukas Grossberger" appears to have only 1 package on PyPI (new or inactive account)

Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with apsi
Create a privacy-preserving social networking app called 'FriendSync' that leverages the 'apsi' Python package for secure friend discovery. FriendSync allows users to discover mutual friends without revealing their entire contact list to each other. The app should have the following functionalities:

1. User Registration and Login: Allow users to create accounts and log in securely.
2. Contact List Management: Users can upload their contact lists, which will be stored locally on their device and not shared with anyone else unless explicitly agreed upon.
3. Secure Friend Discovery: Implement a feature where users can request to find mutual friends with another user. This process should use the APSI protocol provided by the 'apsi' package to ensure that only mutual friends are revealed, and no additional contacts are disclosed.
4. Privacy Settings: Users should be able to set privacy preferences regarding who they allow to discover their contacts and under what conditions.
5. Notification System: When mutual friends are found, users should receive notifications about these matches.
6. Analytics Dashboard (Optional): For developers, implement a dashboard that shows usage statistics of the app while ensuring user data remains anonymous and protected.

To utilize the 'apsi' package effectively, follow these steps:
- Integrate the package into your backend server environment.
- Use the package's functions to perform the asymmetric private set intersection between two users' contact lists when they initiate a friend discovery request.
- Ensure that the implementation adheres to the principles of zero-knowledge proofs and differential privacy to maintain the highest level of user privacy.
