arro

v0.1.3 suspicious
7.0
High Risk

A quantitative finance library for portfolio analytics

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package exhibits signs of typosquatting targeting 'arrow', with low maintainer activity and poor metadata quality. These factors raise concerns about its legitimacy and security.

  • typosquatting attempt
  • low maintainer activity
Per-check LLM notes
  • Network: No network calls detected, which is normal unless the package requires external services.
  • Shell: No shell execution patterns detected, indicating no immediate signs of executing system commands.
  • Obfuscation: No obfuscation patterns detected, indicating low risk of malicious obfuscation.
  • Credentials: No credential harvesting patterns detected, indicating low risk of malicious credential theft.
  • Metadata: The package shows signs of low maintainer activity and poor metadata quality, which could indicate a lack of transparency or potential malicious intent.
  • Typosquatting target: arrow

📦 Package Quality Overall: Low (2.2/10)

◈ Medium Test Suite 6.0

Partial test coverage signals detected

  • 1 test file(s) detected (e.g. test_metrics.py)
○ Low Documentation 1.0

No documentation detected

  • No documentation URL, doc files, or meaningful description found
○ Low Contributing Guide 2.0

No contributing guide or governance files found

  • No CONTRIBUTING, CODE_OF_CONDUCT, or governance files found
○ Low Type Annotations 1.0

No type annotations detected

  • No type annotations, py.typed marker, or stub files detected
○ Low Multiple Contributors 1.0

Unable to verify contributor count: no GitHub repository found

  • No GitHub repository linked — contributor count unavailable

🔬 Heuristic Checks

Outbound Network Calls

No suspicious network call patterns found

Code Obfuscation

No obfuscation patterns detected

Shell / Subprocess Execution

No shell execution patterns detected

Credential Harvesting

No credential harvesting patterns detected

Typosquatting score 6.0

Possible typosquat of: arrow, arq

  • "arro" is 1 edit(s) from "arrow"
  • "arro" is 2 edit(s) from "arq"
Registered Email Domain

No author email provided

Suspicious Page Links

All external links appear legitimate

Git Repository History

No GitHub repository linked

  • No GitHub repository link found
Maintainer History score 6.0

3 maintainer concern(s) found

  • Author name is missing or very short
  • Author "" appears to have only 1 package on PyPI (new or inactive account)
  • Package has no PyPI classifiers (low effort / metadata quality)
Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with arro 
Create a mini-application named 'PortfolioAnalyzer' that leverages the 'arro' package to perform advanced portfolio analytics for investors. The application should allow users to input a list of stocks or assets they are interested in, along with their investment weights, and then provide detailed analytics on the portfolio's performance and risk metrics. Here are the key steps and features for the application:

1. **User Input**: Design a simple user interface where users can enter stock tickers (e.g., AAPL, MSFT) and their corresponding investment weights.
2. **Data Retrieval**: Utilize the 'arro' package to fetch historical price data for the selected assets over a specified period.
3. **Performance Analysis**: Calculate and display the annualized return, standard deviation, Sharpe ratio, and other relevant metrics for each individual asset.
4. **Portfolio Analysis**: Using 'arro', compute the portfolio's overall return, risk (standard deviation), Sharpe ratio, and other aggregate statistics based on the provided weights.
5. **Risk Assessment**: Provide a heatmap or correlation matrix using 'arro' functions to show how different assets move in relation to each other.
6. **Scenario Analysis**: Allow users to adjust weights and see how these changes impact the portfolio's risk and return metrics.
7. **Visualization**: Implement visualizations such as pie charts for asset allocation, line graphs for returns over time, and bar charts for comparing individual asset performances.
8. **Reporting**: Generate a PDF report summarizing the portfolio analysis, including all calculated metrics and visualizations.

The goal is to create an intuitive and informative tool that helps users understand the potential risks and rewards of their investment portfolios. Ensure that the application is well-documented and includes error handling for scenarios like invalid stock symbols or missing data.

💬 Discussion Feed

Leave a comment

No discussion yet. Be the first to share your thoughts!