AI Analysis
Final verdict: SUSPICIOUS
While the package shows minimal signs of obfuscation or credential harvesting, its execution of external commands without user consent raises concerns about potential malicious intent.
- Shell risk due to executing external commands without user consent.
- Low obfuscation and credential risks.
Per-check LLM notes
- Network: The network call to PyPI seems legitimate for checking package information.
- Shell: Executing external commands without user consent is risky and may indicate potential malicious behavior.
- Obfuscation: No obfuscation patterns detected, indicating low risk.
- Credentials: No credential harvesting patterns detected, indicating low risk.
- Metadata: The maintainer has only one package, which might indicate a new or less active user, but no other red flags are present.
Heuristic Checks
Outbound Network Calls
score 3.0
Found 2 network call pattern(s)
t permissions. return requests.get(full_url, headers=self._headers(), stream=True) def del
try: r = requests.get( f'https://pypi.org/pypi/{self.package_name}
Code Obfuscation
No obfuscation patterns detected
Shell / Subprocess Execution
score 4.0
Found 2 shell execution pattern(s)
tion, # so we can use subprocess.run(). cmd = [uv, 'self', 'update', '--no-config']
ss.list2cmdline(cmd)) subprocess.run(cmd, check=True) except subprocess.CalledProcessError as
Credential Harvesting
No credential harvesting patterns detected
Typosquatting
No typosquatting candidates detected
Registered Email Domain
No author email provided
Suspicious Page Links
All external links appear legitimate
Git Repository History
Repository sbellon/ChurchSong appears legitimate
Maintainer History
score 2.0
1 maintainer concern(s) found
Author "Stefan Bellon" appears to have only 1 package on PyPI (new or inactive account)
Known CVE Vulnerabilities
No known vulnerabilities found in OSV database.
AI App Starter Prompt
Use this prompt to build a project with ChurchSong
Develop a fully-functional mini-application named 'ChoirMaster' using the Python package 'ChurchSong'. This application will automate the process of preparing PowerPoint presentations for church services, ensuring that all necessary details are accurately and efficiently included. Here's a detailed step-by-step guide on what the application should accomplish and how it will utilize the 'ChurchSong' package:
1. **Event Agenda Fetching**: Use 'ChurchSong' to download the event agenda from ChurchTool. This includes the schedule of songs, speakers, and other important segments of the service.
2. **Staff Information Integration**: Retrieve information about the service staff including their names and portraits. Utilize 'ChurchSong' to ensure this data is correctly formatted and inserted into a PowerPoint template.
3. **Song Database Verification**: Before adding any song to the presentation, verify its presence in the church's approved song database. This ensures that only appropriate music is used during the service.
4. **Dynamic Slide Creation**: Based on the verified data, create dynamic PowerPoint slides. Each slide should include relevant details such as song titles, speaker names, and times for different segments of the service.
5. **User Interface**: Design a simple yet intuitive user interface where users can input additional notes or make adjustments to the presentation layout if needed.
6. **Output Presentation**: Finally, the application should generate a fully formatted PowerPoint presentation ready for use in the upcoming service.
Suggested Features:
- A preview mode allowing users to see what the final presentation will look like before generating it.
- An option to export the presentation in different formats, not just PowerPoint.
- Automated notifications when new events are added to the ChurchTool calendar.
The 'ChurchSong' package plays a crucial role in fetching and verifying data, making ChoirMaster a powerful tool for church administrators looking to streamline their service preparation processes.