AI Analysis
Final verdict: SUSPICIOUS
The package has moderate risks due to potential shell execution for audio processing and concerns over its metadata indicating it might be newly created without much history.
- Shell risk due to possible ffmpeg execution
- Metadata suggests a lack of maintainer history and missing author information
Per-check LLM notes
- Network: Network calls are likely for downloading audio files, which is expected for an audio-to-text conversion tool.
- Shell: Shell executions may involve running ffmpeg for audio processing, which is common for such tools but requires careful review to ensure no unintended actions.
- Obfuscation: No obfuscation patterns detected, indicating low risk.
- Credentials: No credential harvesting patterns detected, indicating low risk.
- Metadata: The package shows signs of being newly created with minimal maintainer history and a missing author name, raising concerns about its legitimacy.
Package Quality Overall: Low (3.2/10)
○ Low
Test Suite
1.0
No test suite detected
No test files or test-runner configuration detected
◈ Medium
Documentation
5.0
Some documentation present
Detailed PyPI description (2753 chars)
○ Low
Contributing Guide
4.0
No contributing guide or governance files found
Development Status classifier >= Beta
◈ Medium
Type Annotations
5.0
Partial type annotation coverage
9 type-annotated function signatures (partial)
○ Low
Multiple Contributors
1.0
Could not retrieve contributor data from GitHub
GitHub API error: 404
Heuristic Checks
Outbound Network Calls
score 1.5
Found 1 network call pattern(s)
载] 直接下载音频: {url}") resp = requests.get(url, stream=True, timeout=120, headers={ "User-Agent
Code Obfuscation
No obfuscation patterns detected
Shell / Subprocess Execution
score 2.0
Found 1 shell execution pattern(s)
ath(ffmpeg_path).parent)) subprocess.run(cmd, check=True) for f in os.listdir(output_dir):
Credential Harvesting
No credential harvesting patterns detected
Typosquatting
No typosquatting candidates detected
Registered Email Domain
No author email provided
Suspicious Page Links
All external links appear legitimate
Git Repository History
score 3.0
Repository not found (deleted or private)
Repository not found (deleted or private)
Maintainer History
score 6.0
3 maintainer concern(s) found
Only one version has ever been released — brand new packageAuthor name is missing or very shortAuthor "" appears to have only 1 package on PyPI (new or inactive account)
Known CVE Vulnerabilities
No known vulnerabilities found in OSV database.
AI App Starter Prompt
Use this prompt to build a project with audio-to-text-cli
构建一个名为 'VideoSummarizer' 的小型应用程序,该应用利用 'audio-to-text-cli' 包将B站和YouTube视频中的音频转换为文本,并提供摘要功能。此应用程序旨在简化从视频内容中提取关键信息的过程。 步骤1:用户输入视频链接或直接上传音频文件到应用程序。 步骤2:应用程序使用 'audio-to-text-cli' 包自动下载视频的音频部分(如果提供的是视频链接),并将其转换成文本。 步骤3:文本处理阶段,程序会分析生成的文本,提取关键词和短语以生成摘要。 步骤4:输出最终结果,包括原始文本和摘要。 建议特性: - 支持多语言选项,包括但不限于简体中文、繁体中文和英语。 - 提供界面友好的图形用户界面(GUI)版本,使非技术用户也能轻松使用。 - 添加一个选项,允许用户自定义摘要长度和详细程度。 - 实现错误处理机制,确保在遇到无效链接或文件时能够给出清晰的反馈。 如何使用 'audio-to-text-cli': 通过调用 'audio-to-text-cli' 包中的命令行接口,可以实现对音频文件的下载和转录。具体来说,需要先安装 'audio-to-text-cli' 包,然后通过命令行工具或编程方式调用其API来处理音频文件,最后根据返回的文本数据进行进一步的文本分析和摘要生成。
💬 Discussion Feed
No discussion yet. Be the first to share your thoughts!
Report Abuse / Security Issue