auto-analyser v0.6.0

Verdict: suspicious | Risk score: 5.0 (Medium Risk)

Auto-analyser — detect a file's format and route it to the right analyser family member

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package has moderate network and shell execution risks, which are significant concerns for security. However, it lacks obfuscation and credential harvesting patterns, reducing the likelihood of malicious intent.

  • Moderate network risk due to potential health checks and manifest retrievals.
  • High shell risk due to unsanitized command execution based on user input or configuration.

Per-check LLM notes
  • Network: The network calls appear to be part of health checks and manifest retrieval, which could be legitimate if the package interacts with remote services.
  • Shell: Executing external commands based on user input or configuration can introduce security risks, especially if command inputs are not properly sanitized.
  • Obfuscation: No obfuscation patterns detected, indicating low risk.
  • Credentials: No credential harvesting patterns detected, indicating low risk.
  • Metadata: The package shows signs of low maintainer activity and poor metadata quality, raising some suspicion but not conclusive evidence of malintent.

📦 Package Quality Overall: Low (4.4/10)

✦ High Test Suite 9.0

Test suite present — 9 test file(s) found

  • Test runner config found: conftest.py
  • Test runner config found: pyproject.toml
  • 9 test file(s) detected (e.g. conftest.py)

◈ Medium Documentation 5.0

Some documentation present

  • Detailed PyPI description (4159 chars)

○ Low Contributing Guide 2.0

No contributing guide or governance files found

  • No CONTRIBUTING, CODE_OF_CONDUCT, or governance files found

◈ Medium Type Annotations 5.0

Partial type annotation coverage

  • 45 type-annotated function signatures detected in source

○ Low Multiple Contributors 1.0

Unable to verify contributor count: no GitHub repository found

  • No GitHub repository linked — contributor count unavailable

🔬 Heuristic Checks

Outbound Network Calls score 4.5

Found 3 network call pattern(s)

  • try: httpx.get(f"{cfg.url}/health", timeout=3).raise_for_status()
  • ort httpx resp = httpx.get(f"{cfg.url.rstrip('/')}/manifest", timeout=timeout)
  • ") as f: with httpx.Client(timeout=300) as client: response = clien

Code Obfuscation

No obfuscation patterns detected

Shell / Subprocess Execution score 6.0

Found 3 shell execution pattern(s)

  • try: subprocess.run([cfg.command, "--version"], capture_output=True, timeout=5)
  • g.command: proc = subprocess.run( [cfg.command, "manifest"],
  • try: proc = subprocess.run( [command, str(file_path), "--json"],

Credential Harvesting

No credential harvesting patterns detected

Typosquatting

No typosquatting candidates detected

Registered Email Domain

No author email provided

Suspicious Page Links

All external links appear legitimate

Git Repository History

No GitHub repository linked

  • No GitHub repository link found

Maintainer History score 6.0

3 maintainer concern(s) found

  • Author name is missing or very short
  • Author "" appears to have only 1 package on PyPI (new or inactive account)
  • Package has no PyPI classifiers (low effort / metadata quality)

Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with auto-analyser
Create a versatile file analysis tool called 'FileInsight' using the Python package 'auto-analyser'. This tool should allow users to upload any type of file, automatically detect its format, and provide detailed analysis based on the file type. For example, if a user uploads a PDF, the tool should identify it as a PDF and then analyze it accordingly, perhaps extracting text, metadata, or other relevant information. Similarly, for image files, it could perform basic image processing tasks like resizing or color correction.

The application should have the following key features:
1. A simple and intuitive GUI built with Tkinter for ease of use.
2. Support for common file types such as PDFs, images, CSVs, and text files.
3. Detailed analysis results displayed directly within the application window, including any extracted data or processed output.
4. An option to save the analysis results into a new file or export them.
5. Error handling for unsupported file types or corrupted files.

Utilize the 'auto-analyser' package to automate the detection of file formats and route each file to the appropriate analysis function. This will streamline the process of adding support for new file types in the future, as the package will handle the initial detection. Additionally, consider integrating additional Python libraries for specific file analyses, ensuring that the tool remains powerful and flexible.
