AI Analysis
The package exhibits moderate risks due to its execution of system commands and lack of detailed metadata, which could suggest potential misuse or supply-chain concerns.
- High shell risk due to system command execution
- Low metadata quality and absence of a GitHub repository
Per-check LLM notes
- Network: The network call appears to be a standard HTTP request, likely for fetching resources or updates.
- Shell: Executing system commands can be risky if the commands are not properly sanitized or are not intended for legitimate operations, suggesting potential for misuse or unintended consequences.
- Obfuscation: The observed obfuscation patterns are not typical of malicious activity but could indicate an attempt to obscure code logic.
- Credentials: No suspicious patterns for credential harvesting were detected.
- Metadata: The package shows low effort in maintaining metadata and lacks a GitHub repository, which may indicate potential risk.
Package Quality Overall: Low (3.0/10)
Partial test coverage signals detected
Test runner config found: pyproject.toml
No documentation detected
No documentation URL, doc files, or meaningful description found
No contributing guide or governance files found
No CONTRIBUTING, CODE_OF_CONDUCT, or governance files found
Partial type annotation coverage
119 type-annotated function signatures detected in source
Unable to verify contributor count: no GitHub repository found
No GitHub repository linked — contributor count unavailable
Heuristic Checks
Found 2 network call pattern(s)
""" try: req = urllib.request.Request(url, headers={"User-Agent": "astrapi-mirror/1.0"})
pi-mirror/1.0"}) with urllib.request.urlopen(req, timeout=30) as resp: raw: bytes = r
Found 1 obfuscation pattern(s)
rozenset({"enabled"}) _log = __import__("logging").getLogger(__name__) def _make_slug(label: str) -> str:
Found 2 shell execution pattern(s)
, ] result = subprocess.run(cmd, timeout=60, capture_output=True, text=True) Pa
return [] out = subprocess.run( [ "systemctl",
No credential harvesting patterns detected
No typosquatting candidates detected
No author email provided
All external links appear legitimate
No GitHub repository linked
No GitHub repository link found
3 maintainer concern(s) found
- Author name is missing or very short
- Author "" appears to have only 1 package on PyPI (new or inactive account)
- Package has no PyPI classifiers (low effort / metadata quality)
No known vulnerabilities found in OSV database.
AI App Starter Prompt
Create a web-based application using Flask and the 'astrapi-mirror' package that allows users to manage and monitor their Debian repository mirrors. This application should enable users to perform several actions such as starting, stopping, and checking the status of their mirror processes. Additionally, the app should display real-time logs of the mirror operations and provide an interface for configuring basic settings like mirror URL, destination directory, and update frequency. Users should also be able to view a summary of the last mirror operation including any errors or warnings encountered. Utilize 'astrapi-mirror' to handle all the low-level details of mirroring and ensure that the UI is intuitive and user-friendly. Include features such as authentication to restrict access to authorized users only, and allow for customization of the UI theme through configuration options.