Svenesis Script Security Scanner

Version 2.0.0 – GPL-3.0-or-later

Scans all Python scripts in Siril script folders for malicious patterns. Static pattern-matching analysis across 10 threat categories with anti-evasion measures.

Features

• 10 threat categories: file system destruction, data theft, network exfiltration, backdoor, code execution escalation, persistence, obfuscation, denial of service, social engineering, supply chain
• Severity levels: HIGH, MEDIUM, LOW for each detection
• Anti-evasion measures against obfuscation attempts
• Automatic scan of all scripts in Siril script folders
• Detailed reports with findings and explanations
• Standalone tool – no separate instructions needed

Workflow

Run script in Siril → automatic scan of all scripts in the script folder → review report with threats and severity levels.

Dependencies

PyQt6

⚠️ A word of caution before you scan

Siril Python scripts are powerful — and that power cuts both ways. A script can do virtually anything your user account can do on this machine: delete files and folders, download and execute additional programs, exfiltrate data, modify system settings … everything you can imagine a bad actor might want to do.

We are a friendly and welcoming astronomy community — but you never truly know where a script came from or who really wrote it. Be careful about where you load scripts from.

This tool gives you an impression of what a script is doing under the hood — potentially dangerous calls, obfuscated code, network access, file deletions, and more. It is a genuine help for spotting suspicious behaviour.

However: this is a cat-and-mouse game (as we say in German: „Hase und Igel“ — hare and hedgehog). A determined bad actor who knows this scanner exists will adapt their script to avoid triggering the rules. No automated tool can give you a 100 % guarantee. Use your own judgement, only run scripts from sources you trust, and keep backups of your data.

Stay safe — and clear skies. 🌠

⚠️ Important — Why you should always do an AI check

This scanner performs static analysis based on pattern matching — it looks for known dangerous signatures in the source code. A clever attacker can evade these patterns. ChatGPT and Claude understand code semantically, like a human expert would, and can catch threats that pattern-based tools miss entirely. Paste the script into either AI with the prompt below — it takes 30 seconds and could save you from serious harm:

“You are an expert Python developer and cybersecurity specialist. Analyze the following Python script designed for the astrophotography program Siril. The script can access Siril data via its API but runs with full user-level OS permissions. Review the code for any malicious, harmful, or risky behavior — including but not limited to: file system access, network calls, data exfiltration, privilege escalation, obfuscated code, or destructive operations. Provide a security risk assessment and a clear recommendation on whether the script is safe to run.”

Features

• 10 threat categories: File System — Destructive, File System — Data Theft, Network — Exfiltration, Network — Inbound/Backdoor, Code Execution — Escalation, Persistence, Obfuscation, Denial of Service, Social Engineering, Supply Chain.
• Severity levels: HIGH (red) — likely dangerous; MEDIUM (orange) — suspicious; LOW (blue) — informational.
• Script directory discovery: Automatically reads configured Siril script paths from the OS-specific Siril config file; falls back to well-known default locations.
• Anti-evasion measures: Multi-line continuation joins, triple-quoted string awareness, import alias expansion, comment-line filtering.
• Detailed findings: Click any finding for a full explanation; double-click to open the file in your default text editor.
• Export: Save a full plain-text report of all findings with explanations.
• Startup warning: Explains the limitations of static analysis and reminds you to also use AI-assisted review.
• AI-assisted analysis tip: Includes a ready-to-use prompt for ChatGPT or Claude to perform a semantic review that can catch threats pattern-based tools miss.

Requirements

• Siril 1.4+ with Python script support
• sirilpy (bundled with Siril)
• PyQt6 (installed automatically when the script runs)

Usage

1. Run Svenesis Script Security Scanner from Siril: Processing → Scripts (or your Scripts menu).
2. The scanner auto-discovers your Siril script directories. Use Add Directory… or Paste Paths to add more.
3. Select the threat categories you want to scan, then press Scan Now.
4. Review findings grouped by file. Click a finding for details; double-click to open the file.
5. Use Export Report… to save the results as a plain-text file.