Dojical

v1.0.0 suspicious
7.0
High Risk

Dojical - derived from NeonBunny

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package exhibits several concerning behaviors including insecure network calls, execution of potentially unsafe shell commands, and use of obfuscation techniques. While there's no clear evidence of credential theft, these indicators suggest potential malicious intent.

  • insecure network calls with 'verify=False'
  • execution of shell commands
  • use of obfuscation techniques
Per-check LLM notes
  • Network: The network calls appear to be making HTTP requests, possibly for updates or fetching resources which could be legitimate, but the use of 'verify=False' may indicate an insecure connection.
  • Shell: Executing shell commands based on user input or system type can lead to significant security risks, especially if not properly sanitized or controlled.
  • Obfuscation: The use of obfuscation techniques such as renaming and encoding suggests potential attempts to hide code behavior, which is suspicious.
  • Credentials: No clear patterns indicative of credential harvesting were found.
  • Metadata: The package shows signs of low effort and potential anonymity, which could indicate suspicious activity.

🔬 Heuristic Checks

Outbound Network Calls score 9.0

Found 6 network call pattern(s)

  • ilable try: req = urllib.request.Request(PYPI_URL, headers={'User-Agent': 'Mozilla/5.0'})
  • 'Mozilla/5.0'}) with urllib.request.urlopen(req, timeout=5) as resp: data = json.loa
  • a/5.0'} try: with requests.get(url, headers=headers, timeout=30, stream=True, verify=False)
  • lts}" try: resp = requests.get(url, timeout=10) if resp.status_code == 200:
  • _plus(query)}" resp = requests.get(ddg_url, timeout=15, headers={'User-Agent': 'Mozilla/5.0'})
  • ults}" resp = requests.get(url, timeout=15) if resp.status_code == 200:
Code Obfuscation score 10.0

Found 6 obfuscation pattern(s)

  • red: try: __import__(dep) except ImportError: missing_req.append(
  • s(): try: __import__(dep) except ImportError: missing_opt.append(
  • s(): try: __import__(imp) except ImportError: missing.append(pkg)
  • mpy_deps: r = __import__('subprocess').run(['pipx', 'inject', pkg, dep], capture_output=True, text
  • mpy_deps: r = __import__('subprocess').run([__import__('sys').executable, '-m', 'pip', 'install',
  • __import__('subprocess').run([__import__('sys').executable, '-m', 'pip', 'install', '--user', dep], capture
Shell / Subprocess Execution score 10.0

Found 6 shell execution pattern(s)

  • nd cmd_exists('w3m'): os.system(f'w3m "{url}"') return system = get_system()
  • f system == 'Darwin': os.system(f'open "{url}"') return if system == 'Windows':
  • system == 'Windows': os.system(f'start "" "{url}"') return if is_android() and
  • s('termux-open'): os.system(f'termux-open "{url}"') else: os.system(
  • "') else: os.system(f'am start -a android.intent.action.VIEW -d "{url}"')
  • xists('wslview'): os.system(f'wslview "{url}" &') else: os.system('c
Credential Harvesting

No credential harvesting patterns detected

Typosquatting

No typosquatting candidates detected

Registered Email Domain

Email domain looks legitimate: gmail.com>

Suspicious Page Links

All external links appear legitimate

Git Repository History

No GitHub repository linked

  • No GitHub repository link found
Maintainer History score 8.0

4 maintainer concern(s) found

  • Only one version has ever been released — brand new package
  • Author name is missing or very short
  • Author "" appears to have only 1 package on PyPI (new or inactive account)
  • Package has no PyPI classifiers (low effort / metadata quality)
Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with Dojical 
Create a stock market analysis tool called 'DojiMaster' using the Python package 'Dojical'. This tool will help traders identify potential reversal patterns in the stock market by analyzing candlestick charts, focusing particularly on Doji patterns. A Doji pattern occurs when the opening and closing prices of a trading period are nearly equal, resulting in a cross-shaped candlestick.

### Features:
1. **Data Fetching**: Integrate real-time stock data from a popular financial API like Alpha Vantage or Yahoo Finance.
2. **Candlestick Chart Generation**: Use Dojical to generate candlestick charts for selected stocks over a specified time period.
3. **Doji Detection**: Implement algorithms within Dojical to detect Doji patterns in the generated candlestick charts.
4. **Pattern Recognition**: Enhance Doji detection by recognizing different types of Doji patterns such as Dragonfly, Gravestone, and Long-Legged Dojis.
5. **User Interface**: Develop a simple web interface using Flask or Django where users can input stock symbols and select time periods to analyze.
6. **Alert System**: Set up an alert system that notifies users via email or SMS when significant Doji patterns are detected in their chosen stocks.
7. **Historical Data Analysis**: Allow users to upload historical stock data files (.csv format) and perform Doji pattern analysis on them.
8. **Visualization**: Provide visual representations of detected Doji patterns along with the candlestick charts for better understanding.

### Steps to Build the Application:
1. **Set Up Environment**: Install necessary packages including Dojical, pandas, matplotlib, and any chosen web framework (Flask/Django).
2. **API Integration**: Configure your app to fetch live stock data from a financial API.
3. **Data Processing**: Use Dojical to process the fetched data into candlestick charts.
4. **Algorithm Development**: Develop algorithms within Dojical to accurately detect Doji patterns.
5. **UI Design**: Create a user-friendly web interface where users can interact with the app.
6. **Testing**: Test the app thoroughly with various stock symbols and time frames to ensure accuracy.
7. **Deployment**: Deploy the app on a cloud platform like Heroku or AWS for public access.
8. **Feedback Loop**: Implement a feedback mechanism where users can report issues or suggest improvements.

This project not only leverages the unique capabilities of the Dojical package but also provides practical value to traders looking to leverage technical analysis for decision-making.