AI Analysis
Final verdict: SUSPICIOUS
The package exhibits multiple high-risk behaviors including potential unauthorized credential harvesting and execution of commands with elevated privileges, indicating a high likelihood of malicious intent.
- Granting read access to /etc/shadow
- Executing commands through the shell with elevated privileges
Per-check LLM notes
- Network: The use of SMTP suggests potential network communication which could be legitimate but requires scrutiny to ensure it's not being used for unauthorized data transfer.
- Shell: Executing commands through the shell with elevated privileges can pose significant security risks and may indicate an attempt to gain system control or execute arbitrary code.
- Obfuscation: The base64 encoding pattern is suspicious and may be used to hide code logic or sensitive information.
- Credentials: Granting read access to /etc/shadow is highly unusual and indicates potential unauthorized credential harvesting.
- Metadata: The package has some red flags including missing maintainer information and no associated GitHub repository, but there are no clear signs of typosquatting or suspicious links.
Heuristic Checks
Outbound Network Calls
score 4.5
Found 3 network call pattern(s)
oded"} response = requests.post( self._endpoint, data=req_params, headers=reONE: server = smtplib.SMTP(host=self.host, port=self.port) elif self.securixt() server = smtplib.SMTP(host=self.host, port=self.port) server.ehlo(
Code Obfuscation
score 2.0
Found 1 obfuscation pattern(s)
self.configuration, environ, base64.b64decode( authorization.encode("ascii"))).split("
Shell / Subprocess Execution
score 4.0
Found 2 shell execution pattern(s)
try: p = subprocess.Popen( command, stdin=subprocess.DEVNULL,NULL, shell=True, universal_newlines=True, preexec_fn=preexec_fn,
Credential Harvesting
score 5.0
Found 2 credential access pattern(s)
radicale user need access to /etc/shadow by e.g. chgrp radicale /etc/shadow chmod g+r """ iow by e.g. chgrp radicale /etc/shadow chmod g+r """ import grp import pwd from radicale imp
Typosquatting
No typosquatting candidates detected
Registered Email Domain
Email domain looks legitimate: bieringer.de
Suspicious Page Links
All external links appear legitimate
Git Repository History
No GitHub repository linked
No GitHub repository link found
Maintainer History
score 4.0
2 maintainer concern(s) found
Author name is missing or very short
Author "" appears to have only 1 package on PyPI (new or inactive account)
Known CVE Vulnerabilities
No known vulnerabilities found in OSV database.
AI App Starter Prompt
Use this prompt to build a project with Radicale
Create a personal calendar and contact management system using the Python package 'Radicale'. This application will serve as both a CalDAV server for managing calendars and a CardDAV server for managing contacts. Your task is to build a fully functional mini-app that allows users to create, read, update, and delete events and contacts through a simple command-line interface or web interface.

### Core Features:
- **Calendar Management:** Users should be able to create new calendars, add events, view events, modify events, and delete events.
- **Contact Management:** Users should be able to create new address books, add contacts, view contacts, modify contacts, and delete contacts.

### Additional Features:
- **Authentication:** Implement basic authentication to secure access to calendars and contacts.
- **Synchronization:** Allow synchronization with other CalDAV/CardDAV clients like Apple Calendar or Google Calendar.
- **Notifications:** Send email notifications for upcoming events and new contacts added.
- **Backup:** Provide a feature to backup all calendars and contacts to a local file.

### How 'Radicale' is Utilized:
- Use 'Radicale' to set up a CalDAV and CardDAV server to handle requests for calendar and contact operations.
- Configure 'Radicale' to store calendar and address book data in a specified directory on the server.
- Implement user authentication using 'Radicale's built-in support or integrate an external authentication service.
- Develop a frontend interface (either command-line or web-based) to interact with the 'Radicale' server.

Your goal is to demonstrate proficiency in integrating 'Radicale' into a real-world application while providing a useful tool for personal organization and management of events and contacts.