autosana

v0.6.0 suspicious
6.0
Medium Risk

Local testing infrastructure for Autosana — mobile and web

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package exhibits moderate risk due to network and shell command risks, alongside obfuscation techniques. While no direct evidence of malicious intent is present, the unusual behaviors warrant further investigation.

  • High network and shell command execution risks
  • Signs of code obfuscation
  • Low maintainer activity

Per-check LLM notes

  • Network: The network calls to localhost suggest potential internal monitoring or health checks, but the use of non-standard ports and schemes may indicate unusual behavior.
  • Shell: The shell commands executed include interactions with system security settings and certificate handling, which could be indicative of legitimate operations but also raise concerns about unauthorized access or manipulation.
  • Obfuscation: The code shows signs of obfuscation through base64 decoding and unusual function naming, suggesting potential risk.
  • Credentials: No clear patterns indicative of credential harvesting were found.
  • Metadata: The package shows signs of low maintainer activity and poor metadata quality, but lacks clear indicators of malicious intent.

📦 Package Quality Overall: Low (4.4/10)

✦ High Test Suite 9.0

Test suite present — 13 test file(s) found

  • Test runner config found: conftest.py
  • Test runner config found: pyproject.toml
  • 13 test file(s) detected (e.g. conftest.py)

◈ Medium Documentation 5.0

Some documentation present

  • Detailed PyPI description (6769 chars)

○ Low Contributing Guide 2.0

No contributing guide or governance files found

  • No CONTRIBUTING, CODE_OF_CONDUCT, or governance files found

◈ Medium Type Annotations 5.0

Partial type annotation coverage

  • 226 type-annotated function signatures detected in source

○ Low Multiple Contributors 1.0

Unable to verify contributor count: no GitHub repository found

  • No GitHub repository linked — contributor count unavailable

🔬 Heuristic Checks

Outbound Network Calls score 9.0

Found 6 network call pattern(s)

  • quest try: req = urllib.request.Request(f"http://127.0.0.1:{metrics_port}/ready", method="GE
  • ", method="GET") with urllib.request.urlopen(req, timeout=timeout): return True # ur
  • quest try: req = urllib.request.Request(f"{scheme}://127.0.0.1:{port}", method="HEAD")
  • = ssl.CERT_NONE with urllib.request.urlopen(req, timeout=timeout, context=ctx) as resp:
  • try: req = urllib.request.Request(f"http://127.0.0.1:{metrics_port}/ready", method="GE
  • d="GET") with urllib.request.urlopen(req, timeout=3) as resp: if resp

Code Obfuscation score 6.0

Found 3 obfuscation pattern(s)

  • = inspect_image_bytes("wda", base64.b64decode(encoded)) if result.ok: return result
  • ad().decode()) assert base64.b64decode(payload["value"]) == image finally: proxy_server
  • ssions( [ __import__("autosana_cli.models", fromlist=["Session", "Platform"]).Session( session_id="ios-4723-20260319T1200

Shell / Subprocess Execution score 10.0

Found 6 shell execution pattern(s)

  • ne: try: result = subprocess.run( ["defaults", "read", "com.apple.dt.Xcode", "IDE
  • """ try: result = subprocess.run( ["security", "find-identity", "-v", "-p", "code
  • """ try: result = subprocess.run( ["security", "find-certificate", "-a", "-p", "-
  • try: result = subprocess.run( ["openssl", "x509", "-in", tmp.name, "-noou
  • ator2:adb_shell"]) return subprocess.Popen( command, stdout=log_handle, stderr=
  • KEN"] = auth_token return subprocess.Popen( command, stdout=log_handle, stderr=
Credential Harvesting

No credential harvesting patterns detected

Typosquatting

No typosquatting candidates detected

Registered Email Domain

No author email provided

Suspicious Page Links score 4.0

Found 2 suspicious link(s) on the package page

  • Non-HTTPS external link: http://127.0.0.1:
  • Link to raw IP address: https://127.0.0.1:

Git Repository History

No GitHub repository linked

  • No GitHub repository link found

Maintainer History score 6.0

3 maintainer concern(s) found

  • Author name is missing or very short
  • Author "" appears to have only 1 package on PyPI (new or inactive account)
  • Package has no PyPI classifiers (low effort / metadata quality)

Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with autosana
Your task is to develop a simple yet functional local testing utility for both web and mobile applications using the 'autosana' package. This utility will enable developers to easily test their applications locally without needing to deploy them to a live server. Here’s a step-by-step guide on how to proceed:

1. **Project Setup**: Start by setting up a new Python environment. Install the 'autosana' package along with any other necessary dependencies such as Flask for web development and Kivy for mobile app simulation.

2. **Define Application Scenarios**: Identify key functionalities you want to test in your application, such as user authentication, data submission forms, and navigation between pages. Use these scenarios to create mock data and endpoints.

3. **Web Testing Infrastructure**: Utilize 'autosana' to set up a local web server that mimics a real-world web application environment. Implement basic CRUD operations through Flask routes. Ensure that the server can handle GET and POST requests.

4. **Mobile Testing Simulation**: With 'autosana', simulate a mobile environment where you can test the responsiveness and functionality of your application. Use Kivy to create a simple mobile interface that interacts with the local web server you set up.

5. **Testing Features**: Integrate automated testing scripts into your utility to test various aspects of your application, including performance under different network conditions and usability across different screen sizes.

6. **User Interface**: Develop a user-friendly interface that allows testers to select which tests they want to run and view results in real-time. Consider adding options to customize test parameters like network latency and device type.

7. **Documentation**: Write comprehensive documentation explaining how to install and use the utility, including setup instructions, usage examples, and troubleshooting tips.

By following these steps, you'll create a versatile tool that significantly enhances the local testing process for web and mobile applications, leveraging the powerful capabilities of the 'autosana' package.
