AI Analysis
The package exhibits high risks associated with shell execution and code obfuscation techniques, which could potentially be leveraged for malicious activities. However, there's no concrete evidence of harmful behavior or credential theft.
- High shell risk due to os.system and os.popen usage
- Significant obfuscation risk from eval(), exec(), and compile() functions
Per-check LLM notes
- Network: The network calls could be legitimate if the package is designed to interact with external services.
- Shell: The use of os.system and os.popen indicates potential execution of arbitrary commands, which could be exploited for malicious purposes.
- Obfuscation: The use of eval(), exec(), and compile() suggests potential for code injection and obfuscation, indicating a higher risk.
- Credentials: No clear patterns of credential harvesting detected, but caution is advised as obfuscation could hide such activities.
- Metadata: The repository was created recently and the maintainer has only one package, which may indicate suspicious activity.
Package Quality Overall: Medium (7.6/10)
Test suite present — 9 test file(s) found
Test runner config found: conftest.py
Test runner config found: pyproject.toml
9 test file(s) detected (e.g. conftest.py)
Some documentation present
Documentation URL: "Documentation" -> https://github.com/paulholland511/atlas-os/tree/main/docs
Detailed PyPI description (59840 chars)
Has contribution guidelines and governance files
Governance file: security.py
Development Status classifier >= Beta
Partial type annotation coverage
574 type-annotated function signatures detected in source
Active multi-contributor project
4 unique contributor(s) across 85 commits in paulholland511/atlas-os
Small but multi-author team (3–4 contributors)
Heuristic Checks
Found 6 network call pattern(s)
try: resp = requests.get(f"{base}{path}", timeout=timeout) except requests.Res.""" try: resp = requests.get(backend.models_url, timeout=timeout) except requests.Req} try: resp = requests.post( client.chat_url, headers=client.headers(), jsondels" try: resp = requests.get(probe, timeout=2) except requests.RequestException:meout self._session = requests.Session() self._session.headers.update( {"Contens.""" try: resp = requests.get(url, timeout=timeout) except requests.RequestException:
Found 2 obfuscation pattern(s)
{ "eval": ("eval-call", "eval() executes arbitrary code"), "exec": ("exec-call", "execmport__": ("dynamic-import", "__import__() loads modules dynamically"), "compile": ("compile-call"
Found 6 shell execution pattern(s)
"os.system": ("os-system", "os.system() runs an arbitrary shell command"), "os.popen": ("os-po"os.popen": ("os-popen", "os.popen() runs an arbitrary shell command"), } # subprocess entry p=2) raise typer.Exit(code=subprocess.call([sys.executable, str(path), *args])) def _extract_changes(ed: list[str] = [] proc = subprocess.Popen( [sys.executable, str(path), *args], stdout=dge graph…") rc = subprocess.call([sys.executable, str(scripts_dir() / "build_graph.py")])return try: subprocess.run(["git", "init", "-q"], cwd=vault, check=True) subpro
No credential harvesting patterns detected
No typosquatting candidates detected
No author email provided
Found 1 suspicious link(s) on the package page
Non-HTTPS external link: http://127.0.0.1:8501
Git history flags: Repository created very recently: 5 day(s) ago (2026-06-02T17:58:29Z)
1 maintainer concern(s) found
Author "Paul Holland" appears to have only 1 package on PyPI (new or inactive account)
No known vulnerabilities found in OSV database.
AI App Starter Prompt
Create a Personalized Financial Advisor Application using the 'atlas-os' package. This application will serve as a comprehensive tool for managing investments, job searching, and leveraging trading intelligence. Here's a detailed plan for building this application:

1. **Project Setup**: Begin by installing the 'atlas-os' package and setting up your development environment.
2. **User Profile Creation**: Allow users to create profiles where they can input their financial goals, risk tolerance levels, and other relevant information.
3. **Investment Management**: Use 'atlas-os' to automate the process of analyzing investment opportunities based on user preferences and market trends. Implement features like automatic portfolio rebalancing and performance tracking.
4. **Job Search Automation**: Integrate the job search automation feature from 'atlas-os' to help users find job openings that match their skills and career aspirations.
5. **Trading Intelligence**: Leverage the trading intelligence capabilities within 'atlas-os' to provide real-time market analysis and predictive insights to assist in making informed trading decisions.
6. **Knowledge Management**: Utilize the RAG (Retrieval-Augmented Generation) knowledge management feature to offer personalized learning resources and articles related to finance and investing.
7. **User Interface**: Develop a clean and intuitive UI that allows easy access to all features and provides a seamless user experience.
8. **Security Measures**: Ensure data privacy and security by implementing robust encryption methods and following best practices for handling sensitive user information.

Throughout the development process, focus on utilizing 'atlas-os' to its fullest potential, ensuring that each feature leverages the unique capabilities offered by the package.