AI Analysis
Final verdict: SUSPICIOUS
The package exhibits signs of low maintainer effort and potential anonymity, along with shell execution risks that could be exploited for unauthorized actions.
- Low maintainer effort and anonymity
- Potential risks associated with shell executions
- Stable setup code without rotation mechanism
Per-check LLM notes
- Network: Network calls appear to be part of normal HTTP requests and file operations, but the specific URLs and methods should be reviewed for context.
- Shell: Shell executions involve Google Cloud Storage commands, which may indicate legitimate use for cloud storage operations, but could also be a risk if used for unauthorized actions.
- Metadata: The package shows signs of low maintainer effort and anonymity, which could indicate potential risk.
Package Quality Overall: Low (4.4/10)
β¦ High
Test Suite
9.0
Test suite present β 32 test file(s) found
32 test file(s) detected (e.g. test_adapter_modifiers.py)
β Medium
Documentation
5.0
Some documentation present
Detailed PyPI description (35213 chars)
β Low
Contributing Guide
2.0
No contributing guide or governance files found
No CONTRIBUTING, CODE_OF_CONDUCT, or governance files found
β Medium
Type Annotations
5.0
Partial type annotation coverage
76 type-annotated function signatures detected in source
β Low
Multiple Contributors
1.0
Unable to verify contributor count: no GitHub repository found
No GitHub repository linked β contributor count unavailable
Heuristic Checks
Outbound Network Calls
score 9.0
Found 6 network call pattern(s)
encode("utf-8") request = urllib.request.Request(url, data=data, headers=headers, method=method)method) try: with urllib.request.urlopen(request, timeout=timeout) as response: rurllib.parse.urljoin("file:", urllib.request.pathname2url(os.path.abspath(path))) def is_video_path(pattry: request = urllib.request.Request( f"{base}/personal-mail/status",) with urllib.request.urlopen(request, timeout=5) as response: pay"], 1) request = urllib.request.Request( f"{base}/personal-mail/status",
Code Obfuscation
score 8.0
Found 4 obfuscation pattern(s)
"scripts") if SCRIPTS not in __import__("sys").path: __import__("sys").path.insert(0, SCRIPTS) from on __import__("sys").path: __import__("sys").path.insert(0, SCRIPTS) from onboarding_codes import Onboaripts" if str(SCRIPTS) not in __import__("sys").path: __import__("sys").path.insert(0, str(SCRIPTS)) in __import__("sys").path: __import__("sys").path.insert(0, str(SCRIPTS)) import simulate_teammate_onbo
Shell / Subprocess Execution
score 10.0
Found 6 shell execution pattern(s)
ize(local_path) == 0: subprocess.run(["gcloud", "storage", "cp", media_uri, local_path], check=Trlocal_path) == 0: subprocess.run(["gcloud", "storage", "cp", base_locator, local_path], check) return 0 return subprocess.run(command, check=False).returncode def sql_literal(value):k-monarch"]) result = subprocess.run(command, text=True, capture_output=True, check=False)list[str]) -> str: return subprocess.check_output(args, text=True, stderr=subprocess.STDOUT) def ensure_tempprint("+", " ".join(cmd)) subprocess.run(cmd, cwd=cwd, check=True) def normalize(input_path: Path,
Credential Harvesting
score 2.5
Found 1 credential access pattern(s)
in.isatty()): token = getpass.getpass("Ask Monarch bearer token: ").strip() if not token:
Typosquatting
No typosquatting candidates detected
Registered Email Domain
No author email provided
Suspicious Page Links
All external links appear legitimate
Git Repository History
No GitHub repository linked
No GitHub repository link found
Maintainer History
score 6.0
3 maintainer concern(s) found
Author name is missing or very shortAuthor "" appears to have only 1 package on PyPI (new or inactive account)Package has no PyPI classifiers (low effort / metadata quality)
Known CVE Vulnerabilities
No known vulnerabilities found in OSV database.
AI App Starter Prompt
Use this prompt to build a project with ask-monarch
Create a Python-based desktop application named 'MonarchQuery' that allows users to interact with the Ask Monarch source plane through a simple GUI interface. This application should utilize the 'ask-monarch' package to facilitate querying and retrieving information from the Ask Monarch source plane. Hereβs a detailed breakdown of what your application should include: 1. **User Interface**: Design a clean and user-friendly GUI using a Python library like Tkinter or PyQt5. The main window should have fields for entering queries and displaying results. 2. **Query Functionality**: Implement a feature where users can enter natural language questions into a text box. Upon clicking a 'Search' button, the application should use the 'ask-monarch' package to send these queries to the Ask Monarch source plane. 3. **Result Display**: After receiving the response from the Ask Monarch source plane, display the results back to the user in a readable format within the GUI. 4. **Error Handling**: Include robust error handling to manage cases where the query fails or returns unexpected results. Provide feedback to the user if something goes wrong during the query process. 5. **History Feature**: Keep track of previous queries and their responses in a history section of the GUI. Users should be able to review past searches and their outcomes. 6. **Customization Options**: Allow users to customize their experience by setting preferences such as default search options, preferred output formats, etc. 7. **Documentation and Setup Instructions**: Provide comprehensive documentation explaining how to install and run the application. Include setup instructions for both the 'ask-monarch' package and any other dependencies required. The 'ask-monarch' package will be primarily used to send queries to the Ask Monarch source plane and receive responses. Your task is to integrate this functionality seamlessly into the GUI, ensuring a smooth user experience.
π¬ Discussion Feed
No discussion yet. Be the first to share your thoughts!
Report Abuse / Security Issue