Package Metadata

Author: —
Email: Deniz Şafak <[email protected]>
PyPI: assy
Python: >=3.10
Versions: 3 releases
First release: 05 Dec 2025, 21:41 UTC
Analysed: 07 Jun 2026, 15:07 UTC
Source files: 28 .py files scanned

Project Links

Documentation Homepage Issues Repository

Classifiers

Development Status :: 5 - Production/StableEnvironment :: X11 Applications :: QtIntended Audience :: End Users/DesktopLicense :: OSI Approved :: GNU General Public License v3 or later (GPLv3+)Operating System :: OS IndependentProgramming Language :: Python :: 3.10Programming Language :: Python :: 3.11Programming Language :: Python :: 3.12Programming Language :: Python :: 3.13Topic :: Multimedia :: Video

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package exhibits moderate risks due to potential code obfuscation and high shell execution risk. While there's no evidence of credential harvesting or direct malicious intent, the combination of these factors warrants further investigation.

moderate obfuscation risk
high shell execution risk

Per-check LLM notes

Network: The network call to GitHub appears benign, likely for version checking.
Shell: The use of shell execution commands raises concern, possibly indicating the package has capabilities for executing arbitrary code, which could be exploited.
Obfuscation: The code pattern is moderately suspicious as it uses dynamic import and attribute retrieval which can be used for obfuscation, but could also be part of legitimate functionality.
Credentials: No credential harvesting patterns were detected in the provided snippet.
Metadata: The maintainer has an incomplete profile and a new account with only one package, which may indicate low activity or a less experienced user.

📦 Package Quality Overall: Medium (5.0/10)

○ Low Test Suite 1.0

No test suite detected

No test files or test-runner configuration detected

◈ Medium Documentation 7.0

Some documentation present

Documentation URL: "Documentation" -> https://github.com/denizsafak/AutoSubSync
Detailed PyPI description (24038 chars)

○ Low Contributing Guide 4.0

No contributing guide or governance files found

Development Status classifier >= Beta

◈ Medium Type Annotations 5.0

Partial type annotation coverage

56 type-annotated function signatures detected in source

✦ High Multiple Contributors 8.0

Active multi-contributor project

4 unique contributor(s) across 100 commits in denizsafak/AutoSubSync
Small but multi-author team (3–4 contributors)

🔬 Heuristic Checks

⚠ Outbound Network Calls score 1.5

Found 1 network call pattern(s)

rtifi response = requests.get( GITHUB_VERSION_URL, timeout=5, verify=certi

⚠ Code Obfuscation score 2.0

Found 1 obfuscation pattern(s)

try: mod = __import__(module_name) return getattr(mod, "__version__", "0.0")

⚠ Shell / Subprocess Execution score 10.0

Found 5 shell execution pattern(s)

] = os.setsid return subprocess.Popen(cmd, **kwargs) def terminate_process_safely(process):
command: {cmd}") subprocess.Popen( cmd, start_new_session=True
executable itself subprocess.Popen( [sys.executable] + sys.argv[1:],
LD_LIBRARY_PATH"] subprocess.Popen(["xdg-open", folder], env=env) else: QDe
TH"] try: subprocess.Popen(["xdg-open", url], env=env) return True

✓ Credential Harvesting

No credential harvesting patterns detected

✓ Typosquatting

No typosquatting candidates detected

✓ Registered Email Domain

Email domain looks legitimate: gmail.com>

✓ Suspicious Page Links

All external links appear legitimate

✓ Git Repository History

Repository denizsafak/AutoSubSync appears legitimate

⚠ Maintainer History score 4.0

2 maintainer concern(s) found

Author name is missing or very short
Author "" appears to have only 1 package on PyPI (new or inactive account)

✓ Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with assy

Create a fully-functional mini-application called 'SyncSubtitleMaster' using Python and the 'assy' package. This application aims to simplify the process of synchronizing subtitles for video enthusiasts and professionals. The app should have a user-friendly interface and include the following core functionalities:

1. **Subtitle Upload**: Users should be able to upload their subtitle files (SRT format) and corresponding video files.
2. **Automatic Synchronization**: Utilize the 'assy' package to automatically synchronize the uploaded subtitles with the video based on audio cues and timestamps.
3. **Manual Adjustments**: Provide users with the ability to manually adjust the synchronization if needed, allowing them to fine-tune the timing of each subtitle line.
4. **Export Options**: After synchronization, users should be able to export the adjusted subtitle file in various formats (e.g., SRT, VTT).
5. **Batch Processing**: Implement a batch processing feature where users can upload multiple subtitle-video pairs at once for synchronization.
6. **Preview Functionality**: Include a preview function that allows users to watch the video with the synchronized subtitles before exporting.
7. **Error Handling and Feedback**: Ensure the application provides clear feedback to users about any errors encountered during the synchronization process and offers suggestions for troubleshooting.

The 'assy' package will be primarily used for the automatic synchronization of subtitles. It processes the audio from the video to align subtitle timings accurately. Your task is to integrate 'assy' into your application so that it becomes a seamless part of the user workflow, ensuring that subtitle synchronization is as accurate and efficient as possible.

💬 Discussion Feed

No discussion yet. Be the first to share your thoughts!

🤖 AI Analysis

📦 Package Quality Overall: Medium (5.0/10)

🔬 Heuristic Checks

💡 AI App Starter Prompt

💬 Discussion Feed

Leave a comment

Report Abuse / Security Issue