arthub-api

v1.11.8 suspicious
6.0
Medium Risk

ArHhub Python SDK

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package exhibits moderate risks due to its use of potentially obfuscating code patterns and risky shell executions, despite showing low risk in network and credential handling.

  • High shell risk due to direct system command execution
  • Moderate obfuscation risk due to dynamic execution patterns

Per-check LLM notes
  • Network: The network calls appear to be standard HTTP GET requests which could be for downloading files or making API calls, not inherently suspicious.
  • Shell: Executing system commands like 'python setup.py' and 'twine upload' directly using os.system can pose security risks, indicating potential for unauthorized package publishing or other unintended actions.
  • Obfuscation: The code pattern suggests the use of dynamic execution which could be used for obfuscation purposes, raising suspicion.
  • Credentials: No clear indicators of credential harvesting were found in the provided snippet.
  • Metadata: The maintainer has only one package and lacks a GitHub repository, which could indicate a new or less active developer, but there are no clear signs of malicious intent.

📦 Package Quality Overall: Low (4.8/10)

✦ High Test Suite 9.0

Test suite present — 11 test file(s) found

  • Test runner config found: conftest.py
  • 11 test file(s) detected (e.g. __init__.py)

◈ Medium Documentation 5.0

Some documentation present

  • Detailed PyPI description (907 chars)

○ Low Contributing Guide 4.0

No contributing guide or governance files found

  • Development Status classifier >= Beta

◈ Medium Type Annotations 5.0

Partial type annotation coverage

  • 5 type-annotated function signatures (partial)

○ Low Multiple Contributors 1.0

Unable to verify contributor count: no GitHub repository found

  • No GitHub repository linked — contributor count unavailable

🔬 Heuristic Checks

Outbound Network Calls score 9.0

Found 6 network call pattern(s)

  • cket, key) response = requests.get(self.download_url, headers=headers, timeout=self.timeout)
  • try: response = requests.get(self.download_url, headers=headers, stream=True, timeout=sel
  • try: response = requests.get(self.download_url, stream=True, timeout=self.timeout)
  • try: res = requests.post(begin_url, headers={"content
  • try: res = requests.post(complete_url, headers={"cont
  • try: r = requests.get(url, stream=True, timeout=self.timeout) except Excep

Code Obfuscation score 2.0

Found 1 obfuscation pattern(s)

  • ath) as file_obj: exec(compile(file_obj.read(), file_obj.name, "exec"), mod) except IO

Shell / Subprocess Execution score 4.0

Found 2 shell execution pattern(s)

  • ys.argv[-1] == "publish": os.system("python setup.py sdist bdist_wheel") os.system("twine up
  • up.py sdist bdist_wheel") os.system("twine upload dist/*") sys.exit() requires = [ 'req

Credential Harvesting

No credential harvesting patterns detected

Typosquatting

No typosquatting candidates detected

Registered Email Domain

Email domain looks legitimate: tencent.com

Suspicious Page Links

All external links appear legitimate

Git Repository History

No GitHub repository linked

  • No GitHub repository link found

Maintainer History score 2.0

1 maintainer concern(s) found

  • Author "Joey Ding" appears to have only 1 package on PyPI (new or inactive account)

Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with arthub-api:
Your task is to develop a fully-functional mini-application named 'ArtCollector' using the Python package 'arthub-api'. This application will serve as a personal art collection management tool, allowing users to easily manage their art pieces, including adding new pieces, updating information about existing pieces, and removing pieces from their collection. Additionally, users should be able to search for specific artworks based on various criteria such as artist name, artwork title, or creation date.

Key Features:
1. User Authentication: Implement basic user authentication to allow users to create accounts, log in, and secure their collections.
2. Artwork Management: Users should be able to add new artworks to their collection, providing details such as artist name, artwork title, year of creation, medium, and any other relevant information.
3. Search Functionality: Develop a robust search feature that allows users to find specific artworks within their collection based on different attributes like artist name, artwork title, and year of creation.
4. Update and Delete: Provide options for users to update the details of their artworks or remove them from the collection entirely.
5. Display Collections: Create a feature that displays all the artworks in a user's collection in a readable format.

Utilizing 'arthub-api':
- Use the 'arthub-api' package to fetch data related to artists and artworks, enriching the user experience by integrating real-time information directly into the app. For instance, when adding a new artwork, the application could use 'arthub-api' to fetch additional details about the artist or suggest similar artworks.
- Ensure that the integration with 'arthub-api' is seamless and enhances the core functionalities of 'ArtCollector', making it more than just a simple database for storing artwork information.

The final product should be well-documented, easy to use, and demonstrate a thorough understanding of both the 'arthub-api' package and the principles of Python programming.
