AI Analysis
Final verdict: SUSPICIOUS
The package DQRbuild v0.3.0 has a moderate risk score due to its shell execution risks and metadata inconsistencies.
- Subprocess calls within the package may pose legitimate but unverified execution risks.
- Lack of maintainer history and author information suggests potential metadata tampering.
Per-check LLM notes
- Network: No network calls detected, minimal risk.
- Shell: Subprocess calls to Python modules within the package may be legitimate, but require further investigation into the purpose and necessity of these executions.
- Obfuscation: No obfuscation patterns detected, indicating low risk.
- Credentials: No credential harvesting patterns detected, indicating low risk.
- Metadata: The package is suspicious due to lack of maintainer history and a missing author name, indicating potential risk.
Heuristic Checks
Outbound Network Calls
No suspicious network call patterns found
Code Obfuscation
No obfuscation patterns detected
Shell / Subprocess Execution
score 4.0
Found 2 shell execution pattern(s)
temp("e2e_dag") result = subprocess.run( [ sys.executable, "-m", "dqr_config.dqrp("dag_output") result = subprocess.run( [ sys.executable, "-m", "dqr_config.dqr
Credential Harvesting
No credential harvesting patterns detected
Typosquatting
No typosquatting candidates detected
Registered Email Domain
Email domain looks legitimate: ligo.org>
Suspicious Page Links
All external links appear legitimate
Git Repository History
No GitHub repository linked
No GitHub repository link found
Maintainer History
score 6.0
3 maintainer concern(s) found
Only one version has ever been released — brand new packageAuthor name is missing or very shortAuthor "" appears to have only 1 package on PyPI (new or inactive account)
Known CVE Vulnerabilities
No known vulnerabilities found in OSV database.
AI App Starter Prompt
Use this prompt to build a project with DQRbuild
Create a Python-based mini-application named 'DataQualityChecker' that leverages the DQRbuild package to perform comprehensive data quality checks on input datasets. This application should serve as a robust tool for data analysts and engineers who need to ensure their datasets meet specific criteria before further analysis or processing. Step-by-Step Requirements: 1. **Setup Environment**: Ensure the environment is set up with the latest version of DQRbuild installed via pip. 2. **User Interface**: Develop a simple command-line interface (CLI) where users can interact with the DataQualityChecker app. The CLI should accept inputs such as file paths and parameters for different data quality checks. 3. **Data Quality Checks**: - Implement at least five types of data quality checks using DQRbuild functionalities. These could include completeness, uniqueness, consistency, validity, and accuracy checks. 4. **Report Generation**: After performing the checks, generate a detailed report summarizing the findings. The report should be saved as a PDF and/or CSV file, providing insights into which records passed and failed each check. 5. **Integration with External Tools**: Allow for the integration of the DataQualityChecker results with popular data visualization tools like Tableau or PowerBI, enabling users to visualize the data quality metrics. 6. **Error Handling and Logging**: Incorporate error handling mechanisms and logging to track any issues during execution and provide meaningful feedback to the user. 7. **Documentation**: Write comprehensive documentation for the application, including setup instructions, usage guidelines, and examples of how to use the CLI effectively. How DQRbuild is Utilized: - Use DQRbuild to manage dependencies and ensure all required libraries are correctly pinned to compatible versions. This will help maintain stability and reliability in the application. - Leverage DQRbuild's toolkit for executing various data quality checks efficiently and accurately. Each type of check should utilize appropriate functions or modules from DQRbuild to process and analyze the dataset.