arwn

v3.0.0 suspicious
6.0
Medium Risk

Collect 433Mhz weather sensor data and publish to mqtt

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package exhibits signs of potential obfuscation and shell execution, raising concerns about its legitimacy and purpose. Additionally, it appears to be a typosquatting attempt targeting a similar named package.

  • High obfuscation risk due to hex-encoded strings
  • Potential typosquatting targeting 'arq'
Per-check LLM notes
  • Network: No network calls detected, which is normal and not indicative of malicious activity.
  • Shell: Shell execution is present and appears to be configuring system services, which may be expected behavior for a service-oriented package like 'arwn', but requires further investigation into the package's legitimate use case.
  • Obfuscation: The use of hex-encoded strings suggests potential obfuscation to hide the true purpose of the data being sent.
  • Credentials: No clear patterns indicating credential harvesting were found.
  • Metadata: The package shows some potential red flags but lacks concrete evidence of malice.
  • Typosquatting target: arq

📦 Package Quality Overall: Medium (5.4/10)

✦ High Test Suite 9.0

Test suite present — 15 test file(s) found

  • Test runner config found: conftest.py
  • Test runner config found: pyproject.toml
  • 15 test file(s) detected (e.g. __init__.py)
◈ Medium Documentation 5.0

Some documentation present

  • Detailed PyPI description (2654 chars)
○ Low Contributing Guide 4.0

No contributing guide or governance files found

  • Development Status classifier >= Beta
○ Low Type Annotations 1.0

No type annotations detected

  • No type annotations, py.typed marker, or stub files detected
✦ High Multiple Contributors 8.0

Active multi-contributor project

  • 3 unique contributor(s) across 100 commits in sdague/arwn
  • Small but multi-author team (3–4 contributors)

🔬 Heuristic Checks

Outbound Network Calls

No suspicious network call patterns found

Code Obfuscation score 6.0

Found 3 obfuscation pattern(s)

  • RFXtrx""" self.send("\x0d\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00") sleep(0.3) # Should work with 0.05, but not for
  • ushInput() self.send("\x0d\x00\x00\x01\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00") # self.send('\x0D\x00\x00\x03\x02\x00\x00\x00\x00
  • 00\x00") # self.send('\x0D\x00\x00\x03\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00') return self.receive_blocking() # -*- coding: utf
Shell / Subprocess Execution score 8.0

Found 4 shell execution pattern(s)

  • %s" % cmd) self.rtl = subprocess.Popen(cmd, stdout=subprocess.PIPE, stdin=subprocess.PIPE) def
  • f"Written: {unit_file}") subprocess.run(["systemctl", "--user", "daemon-reload"], check=True) su
  • mon-reload"], check=True) subprocess.run(["systemctl", "--user", "enable", "--now", "arwn"], check=Tr
  • ow", "arwn"], check=True) subprocess.run(["loginctl", "enable-linger", getpass.getuser()], check=True
Credential Harvesting

No credential harvesting patterns detected

Typosquatting score 3.0

Possible typosquat of: arq

  • "arwn" is 2 edit(s) from "arq"
Registered Email Domain

Email domain looks legitimate: dague.net>

Suspicious Page Links score 2.0

Found 1 suspicious link(s) on the package page

  • Non-HTTPS external link: http://www.rfxcom.com/
Git Repository History

Repository sdague/arwn appears legitimate

Maintainer History score 4.0

2 maintainer concern(s) found

  • Author name is missing or very short
  • Author "" appears to have only 1 package on PyPI (new or inactive account)
Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with arwn 
Build a simple Python application using the arwn package to demonstrate its core features.

💬 Discussion Feed

Leave a comment

No discussion yet. Be the first to share your thoughts!