AI Analysis
Final verdict: SUSPICIOUS
The package exhibits potential risks related to network and shell activities, suggesting it may engage in behaviors beyond typical package management functionalities.
- High shell risk due to subprocess calls that could lead to unauthorized package installations.
- Moderate network risk with 'HEAD' requests potentially indicative of probing behavior.
Per-check LLM notes
- Network: Network calls could be used for legitimate purposes like checking updates or downloading resources, but the use of 'HEAD' requests might indicate probing behavior.
- Shell: Subprocess calls to pip install/uninstall can be part of package management, but unauthorized or unexpected package installations pose a significant risk.
- Obfuscation: No obfuscation patterns detected, indicating low risk.
- Credentials: No credential harvesting patterns detected, indicating low risk.
- Metadata: The author has only one package and no GitHub link, but there are no obvious red flags.
Heuristic Checks
Outbound Network Calls
score 9.0
Found 6 network call pattern(s)
Matched snippets (truncated excerpts, reproduced as extracted):
- try: req = urllib.request.Request(url) req.add_header('User-Agent', ua)
- art}-{end}') with urllib.request.urlopen(req, timeout=30) as resp: with open(
- ("max_threads", 4) req = urllib.request.Request(url, method='HEAD') req.add_header('User-Agent',
- _agent) try: with urllib.request.urlopen(req, timeout=10) as resp: total_size = i
- or get_user_agent() req = urllib.request.Request(url) req.add_header('User-Agent', user_agent)
- _agent) try: with urllib.request.urlopen(req, timeout=30) as resp: total_size = i
Code Obfuscation
No obfuscation patterns detected
Shell / Subprocess Execution
score 10.0
Found 5 shell execution pattern(s)
Matched snippets (truncated excerpts, reproduced as extracted):
- ge}=={version}") result = subprocess.run([sys.executable, "-m", "pip", "install", package]) if re
- " 卸载 {package}") result = subprocess.run([sys.executable, "-m", "pip", "uninstall", package, "-y"])
- {package}") result = subprocess.run([sys.executable, "-m", "pip", "install", "--upgrade", packag
- l, dest): subprocess.run([sys.executable, "-m", "pip", "install", "--upgrade", str(de
- elif cmd == "list": subprocess.run([sys.executable, "-m", "pip", "list"]) elif cmd == "self
Credential Harvesting
No credential harvesting patterns detected
Typosquatting
No typosquatting candidates detected
Registered Email Domain
score 3.0
Suspicious email domain flags: Very short email domain: qq.com
Suspicious Page Links
All external links appear legitimate
Git Repository History
No GitHub repository link found
Maintainer History
score 2.0
1 maintainer concern(s) found
Author "shiroko" appears to have only 1 package on PyPI (new or inactive account)
Known CVE Vulnerabilities
No known vulnerabilities found in OSV database.
AI App Starter Prompt
Use this prompt to build a project with Packet-isp
Create a simple but powerful package management tool using the 'Packet-isp' library in Python. This tool will allow users to manage their Python packages more efficiently by providing functionalities such as installing, upgrading, and removing packages. Additionally, it should include features like searching for packages and displaying package information.
Steps:
1. Set up a basic command-line interface (CLI) for your tool.
2. Implement functionality to install packages from PyPI using the 'Packet-isp' package manager.
3. Add support for upgrading existing packages to their latest versions.
4. Include a feature to remove packages that are no longer needed.
5. Integrate a search function that allows users to find available packages based on keywords.
6. Display detailed information about installed packages, including version numbers and descriptions.
7. Enhance user experience by adding help commands and error handling for common issues.
Features:
- User-friendly CLI interface
- Install, upgrade, and remove package capabilities
- Search for packages by keyword
- Display detailed package information
- Help and error handling
How 'Packet-isp' is Utilized:
- Use 'Packet-isp' for managing package installations, upgrades, and removals. It provides the underlying framework for interacting with the package ecosystem, making it easier to implement these functionalities without reinventing the wheel.