ariel-mermaid

v0.1.0 suspicious
5.0
Medium Risk

animate Mermaid diagrams as videos with manim

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package shows some signs of potential misuse, particularly concerning shell execution which needs more scrutiny. However, there are no immediate indications of malicious activities.

  • Shell execution detected
  • Low repository activity and single contributor

Per-check LLM notes
  • Network: No network calls detected, which is normal and not indicative of malicious activity.
  • Shell: The detected shell execution may serve a legitimate purpose, such as converting the graph to JSON format, but it requires further investigation to ensure it is not being used for unintended operations.
  • Obfuscation: No obfuscation patterns detected, indicating low risk.
  • Credentials: No credential harvesting patterns detected, indicating low risk.
  • Metadata: The repository's low activity and single contributor suggest potential risks, indicative of possible malicious intent or a newly compromised account.

📦 Package Quality Overall: Low (4.6/10)

✦ High Test Suite 9.0

Test suite present — 9 test file(s) found

  • Test runner config found: pyproject.toml
  • 9 test file(s) detected (e.g. test_animate.py)

◈ Medium Documentation 5.0

Some documentation present

  • Detailed PyPI description (1488 chars)

○ Low Contributing Guide 2.0

No contributing guide or governance files found

  • No CONTRIBUTING, CODE_OF_CONDUCT, or governance files found

◈ Medium Type Annotations 5.0

Partial type annotation coverage

  • 166 type-annotated function signatures detected in source

○ Low Multiple Contributors 2.0

Single-author or unverifiable project

  • 1 unique contributor(s) across 1 commits in pavelsimo/ariel
  • Single author with few commits — possibly a personal or throwaway project

🔬 Heuristic Checks

Outbound Network Calls

No suspicious network call patterns found

Code Obfuscation

No obfuscation patterns detected

Shell / Subprocess Execution score 2.0

Found 1 shell execution pattern(s)

  • = _to_dot(graph) result = subprocess.run( [dot_bin, "-Tjson"], input=dot_src,

Credential Harvesting

No credential harvesting patterns detected

Typosquatting

No typosquatting candidates detected

Registered Email Domain

No author email provided

Suspicious Page Links

All external links appear legitimate

Git Repository History score 7.5

Git history flags: Repository has zero stars and zero forks

  • Repository has zero stars and zero forks
  • Very few commits: 1 total
  • Single contributor with only 1 commit(s) — possibly throwaway account

Maintainer History score 4.0

2 maintainer concern(s) found

  • Only one version has ever been released — brand new package
  • Author "pavelsimo" appears to have only 1 package on PyPI (new or inactive account)

Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with ariel-mermaid
Create a Python-based mini-application that allows users to input Mermaid diagram code and automatically generates animated videos from these diagrams using the 'ariel-mermaid' package. The application should include a simple GUI where users can paste their Mermaid diagram code and select options such as animation speed, color themes, and output video format. Upon clicking a 'Generate Video' button, the application should use 'ariel-mermaid' to convert the provided Mermaid diagram into an animated video and save it locally or allow downloading. Additionally, implement a feature to preview the final video before saving it. Ensure the application handles errors gracefully, such as invalid Mermaid code, and provides useful feedback to the user.