astrapi-backup

v26.5.5 suspicious
6.0
Medium Risk

Backup Control – Web-UI für Borg, Rsync, Proxmox

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package exhibits significant network and shell execution risks, which are critical indicators for potential malicious activities. However, the lack of obfuscation and credential harvesting suggests that it might not be directly aimed at stealing credentials.

  • High network risk due to insecure network calls
  • High shell risk due to local and remote command executions
Per-check LLM notes
  • Network: The presence of network calls with secrets and non-standard timeouts may indicate unauthorized access or data exfiltration attempts.
  • Shell: Local shell execution and remote SSH commands could be used for privilege escalation or to execute arbitrary code, suggesting potential security risks.
  • Obfuscation: No obfuscation patterns detected, indicating low risk.
  • Credentials: No credential harvesting patterns detected, indicating low risk.
  • Metadata: The package shows signs of low maintainer effort and lacks a GitHub repository, raising some suspicion but not conclusive evidence of malice.

📦 Package Quality Overall: Low (3.6/10)

✦ High Test Suite 9.0

Test suite present — 3 test file(s) found

  • Test runner config found: pyproject.toml
  • Test runner config found: conftest.py
  • 3 test file(s) detected (e.g. conftest.py)
○ Low Documentation 1.0

No documentation detected

  • No documentation URL, doc files, or meaningful description found
○ Low Contributing Guide 2.0

No contributing guide or governance files found

  • No CONTRIBUTING, CODE_OF_CONDUCT, or governance files found
◈ Medium Type Annotations 5.0

Partial type annotation coverage

  • 125 type-annotated function signatures detected in source
○ Low Multiple Contributors 1.0

Unable to verify contributor count: no GitHub repository found

  • No GitHub repository linked — contributor count unavailable

🔬 Heuristic Checks

Outbound Network Calls score 7.5

Found 5 network call pattern(s)

  • secret>' '{url}'") resp = requests.post( url, headers=_auth_headers(token_id, token_secret),
  • () < deadline: resp = requests.get(url, headers=headers, verify=verify_ssl, timeout=15)
  • try: resp = requests.get(url, headers=headers, verify=verify_ssl, timeout=10)
  • secret>' '{url}'") resp = requests.get(url, headers=headers, verify=verify_ssl, timeout=10) res
  • es_template, } resp = requests.post( url, headers=_auth_headers(token_id, token_secret),
Code Obfuscation

No obfuscation patterns detected

Shell / Subprocess Execution score 10.0

Found 6 shell execution pattern(s)

  • on == "local": return subprocess.run( ["bash", "-c", cmd_str], capture_output=True, t
  • env=env ) return subprocess.run( ["ssh", "-o", "BatchMode=yes", "-o", "ConnectTimeou
  • on == "local": return subprocess.Popen( ["bash", "-c", cmd_str], stdout=subprocess.PIPE
  • env=env ) return subprocess.Popen( ["ssh", "-o", "BatchMode=yes", "-o", "ConnectTimeou
  • return try: subprocess.run(["wakeonlan", mac], check=True, timeout=10) log.info
  • return try: subprocess.run( ["ssh", "-o", "BatchMode=yes", "-o", "ConnectTi
Credential Harvesting

No credential harvesting patterns detected

Typosquatting

No typosquatting candidates detected

Registered Email Domain

No author email provided

Suspicious Page Links

All external links appear legitimate

Git Repository History

No GitHub repository linked

  • No GitHub repository link found
Maintainer History score 6.0

3 maintainer concern(s) found

  • Author name is missing or very short
  • Author "" appears to have only 1 package on PyPI (new or inactive account)
  • Package has no PyPI classifiers (low effort / metadata quality)
Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with astrapi-backup 
Create a fully-functional mini-application using the Python package 'astrapi-backup' that serves as a simplified user interface for managing backups. This application will be called 'BackupBuddy' and will allow users to easily control backup operations such as creating new backups, restoring from existing backups, and monitoring backup progress through a web-based UI. Here’s a step-by-step guide on what your application should achieve:

1. **User Authentication**: Implement basic authentication to ensure only authorized users can access the backup management functionalities.
2. **Dashboard Overview**: Provide a dashboard that shows a summary of all ongoing and completed backup tasks, including their status (e.g., in-progress, completed, failed).
3. **Backup Creation**: Allow users to initiate new backup tasks by specifying source directories and target locations.
4. **Restore Functionality**: Enable users to restore data from existing backups by selecting specific backup points and target restoration paths.
5. **Monitoring & Notifications**: Integrate real-time monitoring of backup processes and send notifications via email or SMS when a backup task completes or fails.
6. **Configuration Management**: Offer an interface where users can manage configurations for different backup tasks, including scheduling backups at regular intervals.
7. **Integration with 'astrapi-backup'**: Utilize the 'astrapi-backup' package to handle the backend logic for initiating, managing, and monitoring backup tasks. Ensure that the application leverages 'astrapi-backup' to interact seamlessly with Borg, Rsync, and Proxmox for backup operations.
8. **Documentation & User Guide**: Provide comprehensive documentation and a user guide that explains how to install, configure, and use BackupBuddy effectively.

Your goal is to create a user-friendly yet powerful tool that simplifies the process of managing backups for both novice and experienced users. Make sure to utilize 'astrapi-backup' efficiently to ensure reliability and robustness in handling various backup scenarios.

💬 Discussion Feed

Leave a comment

No discussion yet. Be the first to share your thoughts!