asimov

v0.6.1 suspicious
5.0
Medium Risk

A Python package for managing and interacting with data analysis jobs.

πŸ€– AI Analysis

Final verdict: SUSPICIOUS

The package exhibits significant network and shell execution risks, but lacks obfuscation and credential harvesting activities. The metadata suggests potential unreliability due to the maintainer's limited presence.

  • High network risk
  • High shell execution risk
  • Low obfuscation risk
  • Low credential risk
  • Unestablished maintainer
Per-check LLM notes
  • Network: The package makes network calls to external URLs, which could potentially be used for unauthorized data transfer.
  • Shell: The use of os.system for file operations and potentially executing shell commands raises concerns about unintended behavior or security vulnerabilities.
  • Obfuscation: No obfuscation patterns detected, indicating low risk.
  • Credentials: No credential harvesting patterns detected, indicating low risk.
  • Metadata: The maintainer has only one package and no associated GitHub repository, which may indicate a less established or potentially suspicious activity.

πŸ“¦ Package Quality Overall: Low (4.4/10)

✦ High Test Suite 9.0

Test suite present β€” 13 test file(s) found

  • 13 test file(s) detected (e.g. test_gwtc2d1.py)
β—ˆ Medium Documentation 7.0

Some documentation present

  • 1 documentation file(s) (e.g. conf.py)
  • Detailed PyPI description (7569 chars)
β—‹ Low Contributing Guide 4.0

No contributing guide or governance files found

  • Development Status classifier >= Beta
β—‹ Low Type Annotations 1.0

No type annotations detected

  • No type annotations, py.typed marker, or stub files detected
β—‹ Low Multiple Contributors 1.0

Unable to verify contributor count: no GitHub repository found

  • No GitHub repository linked β€” contributor count unavailable

πŸ”¬ Heuristic Checks

⚠ Outbound Network Calls score 3.0

Found 2 network call pattern(s)

  • le[:4] == "http": r = requests.get(file) if r.status_code == 200: data = r.
  • = channel response = requests.post( self.url, data=json.dumps(data),
βœ“ Code Obfuscation

No obfuscation patterns detected

⚠ Shell / Subprocess Execution score 10.0

Found 6 shell execution pattern(s)

  • ] os.system(f"cp {psdfile} {ifo}-psd.xml.gz") #
  • ") # os.system("cat *_local.cache > local.cache")
  • [1].split(".")[0] os.system(f"cp {psdfile} {ifo}-psd.xml.gz") command = [
  • _psds("xml"): os.system( f"cp {psdfile} {self.production.rundir}
  • count += 1 # os.system("cat *_local.cache > local.cache") self.submit_d
  • : os.system(f'condor_ssh_to_job -ssh scp {job} remote:./*.hdf* {prod_run
βœ“ Credential Harvesting

No credential harvesting patterns detected

βœ“ Typosquatting

No typosquatting candidates detected

βœ“ Registered Email Domain

Email domain looks legitimate: ligo.org

βœ“ Suspicious Page Links

All external links appear legitimate

βœ“ Git Repository History

No GitHub repository linked

  • No GitHub repository link found
⚠ Maintainer History score 2.0

1 maintainer concern(s) found

  • Author "Daniel Williams" appears to have only 1 package on PyPI (new or inactive account)
βœ“ Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

πŸ’‘ AI App Starter Prompt

Use this prompt to build a project with asimov 
Your task is to develop a data analysis job management system using the 'asimov' Python package. This system will allow users to submit data analysis tasks, monitor their status, and retrieve results. Here’s a step-by-step guide on how to build this application:

1. **Setup**: Begin by setting up your development environment. Ensure you have Python installed and create a virtual environment for your project. Install the 'asimov' package along with any other necessary libraries such as Flask for web services.

2. **Define Job Models**: Define models representing different types of data analysis jobs. Each model should include fields like job ID, job name, input data path, output data path, start time, end time, and status (e.g., pending, running, completed).

3. **Job Submission Interface**: Create a simple REST API endpoint where users can submit new data analysis jobs. Users should be able to specify the type of job, input data location, and desired output location.

4. **Job Execution**: Utilize 'asimov' to manage the execution of these jobs. Asimov provides functionalities to queue jobs, track their progress, and handle errors. Integrate these capabilities into your system so that once a job is submitted, it is processed by Asimov.

5. **Monitoring and Status Updates**: Implement another API endpoint that allows users to check the status of their jobs. Use Asimov’s monitoring tools to fetch and display the current state of each job.

6. **Result Retrieval**: Once a job completes successfully, ensure that the results are stored and accessible through your system. Provide an endpoint for users to download or view the results of their jobs.

7. **User Interface**: Develop a basic web interface using HTML/CSS/JavaScript that interacts with your REST API endpoints. This UI should enable users to submit jobs, view job statuses, and download results.

8. **Testing**: Thoroughly test all components of your system, including job submission, execution, monitoring, and result retrieval. Pay special attention to error handling and user feedback during testing.

9. **Documentation**: Write comprehensive documentation detailing how to use your system, including setup instructions, API documentation, and examples.

By following these steps, you will create a functional and user-friendly data analysis job management system that leverages the powerful capabilities of the 'asimov' package.

πŸ’¬ Discussion Feed

Leave a comment

No discussion yet. Be the first to share your thoughts!