astromodels

v2.5.1 suspicious
4.0
Medium Risk

Astromodels contains models to be used in likelihood or Bayesian

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package shows moderate risk due to potential obfuscation techniques and unclear maintainer information, though no direct malicious activity was confirmed.

  • Obfuscation risk due to use of eval and pickle
  • Suspicious maintainer metadata
Per-check LLM notes
  • Network: No network calls detected.
  • Shell: Shell execution detected may be related to package functionality, but requires further investigation to confirm legitimacy.
  • Obfuscation: The use of eval and pickle for object serialization might indicate an attempt to bypass code analysis or hide functionality, which is concerning.
  • Credentials: No clear patterns indicative of credential harvesting were found.
  • Metadata: The maintainer has a new or inactive account and lacks a proper author name, raising some suspicion but not conclusive evidence of malice.

📦 Package Quality Overall: Medium (6.2/10)

✦ High Test Suite 9.0

Test suite present — 13 test file(s) found

  • Test runner config found: pyproject.toml
  • 13 test file(s) detected (e.g. test_1D_function_values.py)
◈ Medium Documentation 7.0

Some documentation present

  • Documentation URL: "Documentation" -> https://astromodels.readthedocs.io
  • Detailed PyPI description (2825 chars)
○ Low Contributing Guide 4.0

No contributing guide or governance files found

  • Development Status classifier >= Beta
◈ Medium Type Annotations 5.0

Partial type annotation coverage

  • 63 type-annotated function signatures detected in source
◈ Medium Multiple Contributors 6.0

Limited contributor diversity

  • 2 unique contributor(s) across 100 commits in threeML/astromodels
  • Two distinct contributors found

🔬 Heuristic Checks

Outbound Network Calls

No suspicious network call patterns found

Code Obfuscation score 10.0

Found 6 obfuscation pattern(s)

  • str): return eval(val) elif val is None: return
  • composite_function = eval( sanitized_function_specification, {}, {"instanc
  • po.K = 5.35 new_po = pickle.loads(pickle.dumps(po)) assert new_po.K.value == po.K.value
  • Gaussian_on_sphere() _ = pickle.loads(pickle.dumps(gs)) # 3d function c = Continuous_inje
  • njection_diffusion() _ = pickle.loads(pickle.dumps(c)) # composite function po2 = Powerla
  • mposite) new_composite = pickle.loads(dump) assert new_composite.K_1.value == composite.K_1.v
Shell / Subprocess Execution score 4.0

Found 2 shell execution pattern(s)

  • try: result = subprocess.run( ["otool", "-L", ext_path],
  • try: subprocess.run( [
Credential Harvesting

No credential harvesting patterns detected

Typosquatting

No typosquatting candidates detected

Registered Email Domain

Email domain looks legitimate: gmail.com>

Suspicious Page Links

All external links appear legitimate

Git Repository History

Repository threeML/astromodels appears legitimate

Maintainer History score 4.0

2 maintainer concern(s) found

  • Author name is missing or very short
  • Author "" appears to have only 1 package on PyPI (new or inactive account)
Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with astromodels 
Create a Python-based mini-application that simulates and analyzes X-ray spectral data from astronomical sources using the 'astromodels' package. This application will allow users to input parameters such as source type (e.g., black hole, neutron star), distance, and intrinsic properties of the source, and then generate simulated X-ray spectra based on these inputs. Additionally, the app will include a feature to fit observed X-ray spectra to the generated models using a Bayesian approach, providing posterior distributions for the model parameters. Users should be able to visualize both the generated and fitted spectra, along with the posterior distributions, to better understand the fitting process and results. Utilize 'astromodels' to define and manipulate the physical models of the X-ray emission, ensuring the simulation and fitting processes are scientifically accurate and reproducible. Key features of the application should include an intuitive user interface for parameter input, robust simulation capabilities, and comprehensive analysis tools for spectral fitting and visualization.

💬 Discussion Feed

Leave a comment

No discussion yet. Be the first to share your thoughts!