PraisonAI

v4.6.52 suspicious
6.0
Medium Risk

PraisonAI is an AI Agents Framework with Self Reflection. PraisonAI application combines PraisonAI Agents, AutoGen, and CrewAI into a low-code solution for building and managing multi-agent LLM systems, focusing on simplicity, customisation, and efficient human-agent collaboration.

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package shows signs of potential misuse through shell execution and obfuscation techniques, raising concerns about its legitimacy and intentions.

  • High shell risk due to uncontrolled execution of external commands
  • Significant obfuscation risk indicating possible attempts to conceal malicious actions
Per-check LLM notes
  • Network: Network calls are likely for legitimate purposes such as fetching resources or updates, but should be reviewed to ensure they align with the package's intended functionality.
  • Shell: Shell execution is used for launching external tools like editors and browser automation, which could pose risks if not properly sanitized or controlled.
  • Obfuscation: The presence of base64 decoding and encoding suggests an attempt to obfuscate code, which could be used to hide malicious activities.
  • Credentials: Accessing environment variables for tokens and IDs without proper validation or sanitization indicates potential unauthorized access risks.
  • Metadata: Low activity and lack of classifiers suggest low effort, but no clear malicious indicators.

🔬 Heuristic Checks

Outbound Network Calls score 6.0

Found 4 network call pattern(s)

  • try: response = httpx.get(source, timeout=30, follow_redirects=True) respo
  • else: async with aiohttp.ClientSession( connector=aiohttp.TCPConnector(ssl=self._ss
  • ) async with aiohttp.ClientSession( connector=aiohttp.TCPConnector(ssl=self._ssl_ve
  • e: async with aiohttp.ClientSession( connector=aiohttp.TCPConnector(ssl=self
Code Obfuscation score 10.0

Found 6 obfuscation pattern(s)

  • e64 decoded = base64.b64decode(authorization[6:]).decode("utf-8") if ":" in
  • decoded = base64.b64decode(auth[6:]).decode("utf-8") if ":" in deco
  • io_payload = base64.b64encode(base64.b64decode(response['delta'])).decode('utf-8')
  • i_classes", lambda: ( __import__("crewai", fromlist=["Agent", "Task", "Crew"]).Agent, __import__("crewai", fromlist=["Agent", "Tas
  • ask", "Crew"]).Agent, __import__("crewai", fromlist=["Agent", "Task", "Crew"]).Task, __import__("crewai", fromlist=["Agent", "Task
  • Task", "Crew"]).Task, __import__("crewai", fromlist=["Agent", "Task", "Crew"]).Crew, )) def _get_autogen(): """Lazy load autogen
Shell / Subprocess Execution score 4.0

Found 2 shell execution pattern(s)

  • no") try: subprocess.run([editor, str(ENV_FILE)], check=True) except subproce
  • l Playwright browsers subprocess.check_call([sys.executable, '-m', 'playwright', 'install']) setup(
Credential Harvesting score 5.0

Found 2 credential access pattern(s)

  • self._token = token or os.environ.get("DISCORD_BOT_TOKEN", "") if not self._token: rais
  • f._channel_id = channel_id or os.environ.get("DISCORD_CHANNEL_ID", "") self._timeout = timeout sel
Typosquatting

No typosquatting candidates detected

Registered Email Domain

No author email provided

Suspicious Page Links

All external links appear legitimate

Git Repository History

Repository mervinpraison/PraisonAI appears legitimate

Maintainer History score 4.0

2 maintainer concern(s) found

  • Author "Mervin Praison" appears to have only 1 package on PyPI (new or inactive account)
  • Package has no PyPI classifiers (low effort / metadata quality)
Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with PraisonAI 
Develop a fully-functional mini-app called 'Collaborative Task Manager' using the PraisonAI package. This app aims to streamline team task management by leveraging AI agents for task assignment, progress tracking, and feedback collection. Utilize PraisonAI's core features to ensure simplicity, customization, and efficient human-agent interaction.

Step 1: Define User Roles
- Users can be either Team Leaders or Team Members. Team Leaders assign tasks, while Team Members complete them.

Step 2: Implement Task Assignment
- Use PraisonAI to create an AI agent that assigns tasks based on user preferences, skill sets, and current workload. Ensure the agent can learn from past assignments to improve future allocations.

Step 3: Track Task Progress
- Develop another AI agent within PraisonAI to monitor task completion status. This agent should update the system in real-time as tasks are completed or when new tasks are added.

Step 4: Collect Feedback
- Integrate PraisonAI to enable Team Members to provide feedback on assigned tasks directly through the app. The AI should analyze this feedback and suggest improvements for future assignments.

Step 5: Generate Reports
- Create a feature where PraisonAI generates periodic reports summarizing task completion rates, average time taken per task, and overall team productivity. These reports should be customizable to cater to different user needs.

Suggested Features:
- Customizable notifications for task updates and reminders.
- Integration with existing calendars and scheduling tools.
- A chat interface for direct communication between users and AI agents.
- Data visualization tools for better understanding of task completion trends.

How to Utilize PraisonAI:
- Leverage PraisonAI's framework for building and managing multiple AI agents involved in different aspects of task management.
- Use PraisonAI's self-reflection capabilities to continuously improve the efficiency and accuracy of task assignments and feedback analysis.