BabelDOC

v0.6.3 suspicious
6.0
Medium Risk

Yet Another Document Translator

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package exhibits moderate risks due to potential unauthorized network activity and elevated shell command execution, indicating possible system-level vulnerabilities.

  • network risk
  • shell risk

Per-check LLM notes
  • Network: The detected network calls suggest the package may be making external API requests, which could be part of its functionality but also raises concerns about potential unauthorized data transmission.
  • Shell: Executing shell commands to retrieve version information from git can be a legitimate operation, but it might indicate the package has access to system-level operations that could be exploited.
  • Obfuscation: The use of base64 decoding suggests some level of obfuscation, but it could be for legitimate purposes such as handling images or fonts.
  • Credentials: No clear evidence of credential harvesting is present.
  • Metadata: The author's information is incomplete, which raises some suspicion but not enough to conclude malice.

🔬 Heuristic Checks

Outbound Network Calls score 9.0

Found 6 network call pattern(s)

  • t is None: async with httpx.AsyncClient() as client: response = await client.get(url, fo
  • t is None: async with httpx.AsyncClient() as client: response = await client.get(
  • odel("gpt-4o") async with httpx.AsyncClient() as client: onnx_task = asyncio.create_task(get_doc
  • t}/inference") response = httpx.post( f"{host}/inference", data=packed_data,
  • t}/inference") response = httpx.post( # f"{host}/analyze?min_sim=0.7&early_stop=0.99&time
  • t}/inference") response = httpx.post( f"{host}/analyze?min_sim=0.7&early_stop=0.99&timeou

Code Obfuscation score 4.0

Found 2 obfuscation pattern(s)

  • image_data = base64.b64decode(inline_form.form_data) draw_op.append(im
  • "): font_name_bytes = base64.b64decode(font_name[7:]) font = font_name_bytes.split(b"+")[-1

Shell / Subprocess Execution score 2.0

Found 1 shell execution pattern(s)

  • WATERMARK_VERSION = ( subprocess.check_output( # noqa: S603 [git_path, "describe", "--always"

Credential Harvesting

No credential harvesting patterns detected

Typosquatting

No typosquatting candidates detected

Registered Email Domain

Email domain looks legitimate: funstory.ai

Suspicious Page Links

All external links appear legitimate

Git Repository History

Repository funstory-ai/BabelDOC appears legitimate

Maintainer History score 4.0

2 maintainer concern(s) found

  • Author name is missing or very short
  • Author "" appears to have only 1 package on PyPI (new or inactive account)

Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with BabelDOC
Create a multilingual document translation tool using the Python package 'BabelDOC'. This tool will allow users to upload documents in various formats (such as .docx, .pdf), select their desired source language, and choose a target language for translation. The application should support at least five different languages, including English, Spanish, French, German, and Chinese. Additionally, it should provide a feature to download the translated document in the same format as the original file. Users should also be able to view a preview of the translated content before downloading the file. The application should have a user-friendly interface, either command-line based or web-based, and must ensure data privacy by not storing any uploaded files on the server. Utilize BabelDOC's core features for the translation process and consider integrating additional functionalities such as error handling for unsupported file types or languages, progress tracking during translation, and support for multiple simultaneous translations.