autorpt

v1.0.0 suspicious
5.0
Medium Risk

Automated budget report generator for grant management with Excel input and Word output

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package shows signs of potential obfuscation and unusual shell execution, raising suspicion despite the lack of direct evidence of malicious activities.

  • High obfuscation risk due to dynamic imports
  • Unusual shell executions
Per-check LLM notes
  • Network: No network calls were detected.
  • Shell: The observed shell executions seem to be related to compiling a report and closing Word processes, which might be part of the package's functionality but could indicate potential misuse if not properly documented.
  • Obfuscation: The use of dynamic imports through __import__ suggests potential code obfuscation to evade detection or analysis.
  • Credentials: No clear patterns indicative of credential harvesting were detected.
  • Metadata: The low activity in the git repository and the new maintainer account raise some concerns, but there's no clear evidence of malicious intent.

📦 Package Quality Overall: Low (4.8/10)

◈ Medium Test Suite 6.0

Partial test coverage signals detected

  • 1 test file(s) detected (e.g. test_autorpt.py)
◈ Medium Documentation 5.0

Some documentation present

  • Detailed PyPI description (5306 chars)
○ Low Contributing Guide 2.0

No contributing guide or governance files found

  • No CONTRIBUTING, CODE_OF_CONDUCT, or governance files found
○ Low Type Annotations 1.0

No type annotations detected

  • No type annotations, py.typed marker, or stub files detected
✦ High Multiple Contributors 10.0

Active multi-contributor project

  • 5 unique contributor(s) across 60 commits in VRConservation/autorpt
  • Active community — 5 or more distinct contributors

🔬 Heuristic Checks

Outbound Network Calls

No suspicious network call patterns found

Code Obfuscation score 8.0

Found 4 obfuscation pattern(s)

  • module = __import__(module_name, fromlist=[ parts[-1]], level=1) else: # Absolute import
  • module = __import__(module_name, fromlist=[parts[-1]]) else: # Simple import
  • port module = __import__(module_name) return module except ImportError:
  • module = __import__(module_name) return module except Import
Shell / Subprocess Execution score 4.0

Found 2 shell execution pattern(s)

  • pile command result = subprocess.run( ['typst', 'compile', 'report.typ', f"report_{da
  • WINWORD.EXE processes subprocess.run(['taskkill', '/f', '/im', 'WINWORD.EXE'],capture_output=True
Credential Harvesting

No credential harvesting patterns detected

Typosquatting

No typosquatting candidates detected

Registered Email Domain score 3.0

Suspicious email domain flags: Email uses suspicious TLD: 3point.xyz

  • Email uses suspicious TLD: 3point.xyz
Suspicious Page Links

All external links appear legitimate

Git Repository History score 2.5

Git history flags: Repository has zero stars and zero forks

  • Repository has zero stars and zero forks
Maintainer History score 2.0

1 maintainer concern(s) found

  • Author "Vance Russell" appears to have only 1 package on PyPI (new or inactive account)
Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with autorpt 
Create a mini-application called 'GrantBudgetBot' using the Python package 'autorpt'. This tool will automate the process of generating comprehensive budget reports for grant management from Excel input files to Word output documents. The application should allow users to upload an Excel file containing detailed budget information, including categories like personnel costs, travel expenses, equipment purchases, and indirect costs. After processing the data, the application should generate a formatted Word document that summarizes the total budget, breaks down the costs by category, and highlights any potential overspending or underutilization of funds.

Step-by-step functionality:
1. User interface: Develop a simple user-friendly interface where users can upload their Excel file.
2. Data validation: Implement checks to ensure the uploaded Excel file has the correct structure and necessary data fields.
3. Budget calculation: Automatically calculate totals for each budget category and overall budget.
4. Report generation: Use 'autorpt' to convert the calculated data into a professionally formatted Word document, including charts and tables.
5. Output delivery: Allow users to download the generated Word report directly from the application.

Suggested features:
- Error handling for invalid inputs or missing data.
- Option to customize report templates within 'autorpt' for different types of grants.
- Integration with email services to automatically send the generated report to a specified address.
- User authentication and storage of previous reports for easy access.

How 'autorpt' is utilized:
- Import and utilize 'autorpt' functions to handle Excel input reading and Word output writing.
- Customize 'autorpt' configurations to tailor the appearance and content of the generated Word reports based on specific grant requirements.
- Leverage 'autorpt' capabilities to include advanced formatting options such as conditional formatting, charts, and tables in the Word documents.

💬 Discussion Feed

Leave a comment

No discussion yet. Be the first to share your thoughts!