AI Analysis
Final verdict: SAFE
The package appears to be legitimate with low risks across multiple categories. However, it has a moderate metadata risk due to limited information about its maintainers and repository.
- Low network, shell, obfuscation, and credential risks
- Moderate metadata risk due to lack of detailed maintainer history and GitHub repository
Per-check LLM notes
- Network: The observed network call pattern suggests legitimate file downloading activity, which could be for updating the package or fetching resources.
- Shell: No shell execution patterns were detected.
- Obfuscation: No obfuscation patterns detected, indicating low risk.
- Credentials: No credential harvesting patterns detected, indicating low risk.
- Metadata: Low risk but requires further investigation due to lack of GitHub repo and minimal maintainer history.
Package Quality Overall: Low (3.8/10)
◈ Medium
Test Suite
6.0
Partial test coverage signals detected
Test runner config found: pyproject.toml
◈ Medium
Documentation
5.0
Some documentation present
Detailed PyPI description (6957 chars)
○ Low
Contributing Guide
2.0
No contributing guide or governance files found
No CONTRIBUTING, CODE_OF_CONDUCT, or governance files found
◈ Medium
Type Annotations
5.0
Partial type annotation coverage
87 type-annotated function signatures detected in source
○ Low
Multiple Contributors
1.0
Unable to verify contributor count: no GitHub repository found
No GitHub repository linked — contributor count unavailable
Heuristic Checks
Outbound Network Calls
score 1.5
Found 1 network call pattern(s)
th(tmp.name) try: urllib.request.urlretrieve(url, tmp_path) tmp_path.replace(target)
Code Obfuscation
No obfuscation patterns detected
Shell / Subprocess Execution
No shell execution patterns detected
Credential Harvesting
No credential harvesting patterns detected
Typosquatting
No typosquatting candidates detected
Registered Email Domain
Email domain looks legitimate: gmail.com>
Suspicious Page Links
All external links appear legitimate
Git Repository History
No GitHub repository linked
No GitHub repository link found
Maintainer History
score 4.0
2 maintainer concern(s) found
Author "jian jian" appears to have only 1 package on PyPI (new or inactive account)Package has no PyPI classifiers (low effort / metadata quality)
Known CVE Vulnerabilities
No known vulnerabilities found in OSV database.
AI App Starter Prompt
Use this prompt to build a project with async-uiautomator2
构建一个名为 'AutoTaskRunner' 的小型应用程序,该应用使用 Python 包 'async-uiautomator2' 来自动化执行一系列 Android 设备上的任务。该应用的主要功能是允许用户定义并运行一组自动化测试脚本,这些脚本可以模拟用户的操作来测试特定的应用程序或游戏。 具体来说,'AutoTaskRunner' 应具备以下核心功能: 1. 用户能够通过图形界面(GUI)选择要测试的 Android 设备。 2. 支持创建、编辑和保存自动化测试脚本,每个脚本由一系列步骤组成,例如点击屏幕上的某个按钮、输入文本或滚动页面。 3. 能够实时显示测试进度,并在测试完成后提供详细的报告,包括每一步的操作结果和任何遇到的问题。 4. 提供了一个简单的日志记录系统,用于跟踪和存储每次测试的结果。 5. 允许用户设置定时任务,以便在特定时间自动运行测试。 为了实现上述功能,你将利用 'async-uiautomator2' 包提供的异步客户端来与 Android 设备进行交互。该包允许你以非阻塞的方式执行 UI 操作,这意味着你可以同时处理多个设备或执行其他后台任务,而不会影响主应用的性能。 请详细描述如何设计和实现这个应用程序,包括但不限于 GUI 设计、脚本解析机制、日志记录系统以及如何有效地利用 'async-uiautomator2' 来实现自动化测试流程。
💬 Discussion Feed
No discussion yet. Be the first to share your thoughts!
Report Abuse / Security Issue