ardu-imconvert

v2.0.3 suspicious
5.0
Medium Risk

Image converter for Arduboy with real-time preview and multiple output formats

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package shows signs of potential obfuscation and lacks maintainer history, raising concerns about its legitimacy.

  • High obfuscation risk due to encoded binary data
  • Lack of maintainer history and secure links
Per-check LLM notes
  • Network: No network calls detected, which is normal for many packages.
  • Shell: Subprocess execution might be used for legitimate purposes but could indicate potential risk if not documented clearly.
  • Obfuscation: The presence of encoded binary data suggests potential obfuscation techniques, which could be used for malicious purposes.
  • Credentials: No clear patterns indicative of credential harvesting were found.
  • Metadata: The package appears suspicious due to lack of maintainer history and no secure links.

📦 Package Quality Overall: Low (4.8/10)

✦ High Test Suite 9.0

Test suite present — 1 test file(s) found

  • Test runner config found: pyproject.toml
  • 1 test file(s) detected (e.g. test_convert.py)
◈ Medium Documentation 5.0

Some documentation present

  • Detailed PyPI description (4069 chars)
○ Low Contributing Guide 4.0

No contributing guide or governance files found

  • Development Status classifier >= Beta
◈ Medium Type Annotations 5.0

Partial type annotation coverage

  • 42 type-annotated function signatures detected in source
○ Low Multiple Contributors 1.0

Unable to verify contributor count: no GitHub repository found

  • No GitHub repository linked — contributor count unavailable

🔬 Heuristic Checks

Outbound Network Calls

No suspicious network call patterns found

Code Obfuscation score 10.0

Found 6 obfuscation pattern(s)

  • \x0a\x00\x00\x00\x0dIHDR\x00\ \x00\x00\x10\x00\x00\x00\x10\x08\x06\x00\x00\x00\x1f\xf3\xffa\ \x00\x00\x00\xe7IDATx\xda\xa5\x93=\x0a\x830\ \x1cG\x7f\xd
  • x17z\x82\x0e.z\x02\xd7\ \xdeBo\xa0\xb7\xe8\x15\x5c\x14\xd1\xa1\xab\x0e\xbd@\x8b\ \xb8vqpQP\xb4f\x10\x8c&\xad\xa1o\xca\x07\ y<\xfe\x10\
  • \xdc\x1f/\xb4\xef'W\x90\xe7\ 9\xb3\xaf\xaa\x0a\x8e\xe3\x90\xc3\x05[\x82 \x80\xeb\xba\ \xe2\x02\xba\x16q9\x9f\xe0\xfb><\xcfc\x0
  • \x0a\x00\x00\x00\x0dIHDR\x00\ \x00\x00\x10\x00\x00\x00\x10\x08\x06\x00\x00\x00\x1f\xf3\xffa\ \x00\x00\x00\x09pHYs\x00\x00\x0b\x12\x00\x00\x0b\x12\ \x0
  • \ " qt_resource_struct = b"\ \x00\x00\x00\x00\x00\x02\x00\x00\x00\x01\x00\x00\x00\x01\ \x00\x00\x00\x00\x00\x00\x00\x00\ \x00\x00\x00\x00\x00\x02
  • \x00\x00\x00\x00\x00\x00\x00\ \x00\x00\x00\x00\x00\x02\x00\x00\x00\x02\x00\x00\x00\x02\ \x00\x00\x00\x00\x00\x00\x00\x00\ \x00\x00\x000\x00\x00\x0
Shell / Subprocess Execution score 2.0

Found 1 shell execution pattern(s)

  • elf, *args): result = subprocess.run( [sys.executable, "-m", "arduimconvert", *args],
Credential Harvesting

No credential harvesting patterns detected

Typosquatting

No typosquatting candidates detected

Registered Email Domain

Email domain looks legitimate: outlook.com>

Suspicious Page Links score 2.0

Found 1 suspicious link(s) on the package page

  • Non-HTTPS external link: http://www.visualpharm.com/
Git Repository History

No GitHub repository linked

  • No GitHub repository link found
Maintainer History score 6.0

3 maintainer concern(s) found

  • Only one version has ever been released — brand new package
  • Author name is missing or very short
  • Author "" appears to have only 1 package on PyPI (new or inactive account)
Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with ardu-imconvert 
Create a Python-based utility called 'Arduboy Image Converter' that leverages the 'ardu-imconvert' package to convert images into various formats suitable for the Arduboy platform. This tool should allow users to upload an image file, select desired output formats (such as PNG, GIF, or BMP), and view a real-time preview of the converted image before downloading it. Additionally, include features like adjusting brightness, contrast, and applying filters such as grayscale or sepia tone. Utilize the 'ardu-imconvert' package to handle the conversion process and ensure compatibility with the Arduboy display specifications. Provide a user-friendly graphical interface using a library like Tkinter for simplicity.

💬 Discussion Feed

Leave a comment

No discussion yet. Be the first to share your thoughts!