TigerHarness

v0.2.1 suspicious
7.0
High Risk

A generic Claude Code agent harness: iterative task execution, Slack integration, and persistent memory management.

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package exhibits multiple high-risk behaviors, including executing shell commands and accessing environment variables without validation, which raises concerns about potential malicious intent.

  • High shell risk due to execution of shell commands
  • High credential risk due to access of environment variables without validation

Per-check LLM notes
  • Network: The package makes external network calls which could potentially be used for data exfiltration or command and control communications.
  • Shell: The package executes shell commands, which can be a sign of malicious activity if the commands are not clearly documented and serve legitimate purposes.
  • Obfuscation: The obfuscation pattern uses regular expressions imported at runtime, which is uncommon but not necessarily malicious.
  • Credentials: Environment variables for Slack tokens and user IDs are accessed without validation or masking, indicating potential exposure and misuse risks.
  • Metadata: The maintainer's information is sparse, and the repository lacks community engagement.

🔬 Heuristic Checks

Outbound Network Calls score 6.0

Found 4 network call pattern(s)

  • ad).encode("utf-8") req = urllib.request.Request( f"{_API_BASE}/{endpoint}", data=dat
  • , ) try: with urllib.request.urlopen(req, timeout=30) as resp: return json.lo
  • ta: bytes) -> bool: req = urllib.request.Request(url, data=data, method="POST") try: with
  • "POST") try: with urllib.request.urlopen(req, timeout=120) as resp: return 200 <=

Code Obfuscation score 4.0

Found 2 obfuscation pattern(s)

  • ds it last). _BRIDGE_CTX_RE = __import__("re").compile(r"\n*\[bridge-context\][\s\S]*$") def _strip_brid
  • strip() _SLACK_CHANNEL_RE = __import__("re").compile(r"slack_channel:\s*([A-Z0-9]+)") def _extract_sla

Shell / Subprocess Execution score 10.0

Found 5 shell execution pattern(s)

  • it`. """ try: subprocess.run( [ sys.executable, "-m", "tigerh
  • return try: subprocess.Popen( [cli, "--config", persona.tiger_memory_config_p
  • r.log").open("ab") proc = subprocess.Popen( cmd, env=env, stdout=stdout_log,
  • th)] try: subprocess.run(cmd) except KeyboardInterrupt: pass
  • ] try: result = subprocess.run(cmd, capture_output=True, text=True, timeout=20) if

Credential Harvesting score 10.0

Found 6 credential access pattern(s)

  • { "SLACK_APP_TOKEN": os.environ.get("SLACK_APP_TOKEN", "").strip(), "SLACK_BOT_TOKEN": os.envir
  • ), "SLACK_BOT_TOKEN": os.environ.get("SLACK_BOT_TOKEN", "").strip(), "ALLOWED_SLACK_USER_IDS": o
  • agree. """ override = os.environ.get("SLACK_CEO_USER_ID", "").strip() if override: return ov
  • k_bridge_dotenv() token = os.environ.get("SLACK_BOT_TOKEN", "").strip() target = _resolve_target_user_id
  • dotenv_into_env() token = os.environ.get("SLACK_BOT_TOKEN", "").strip() if not token: return Non
  • return None ceo = os.environ.get("SLACK_CEO_USER_ID", "").strip() if not ceo: allow = os

Typosquatting

No typosquatting candidates detected

Registered Email Domain

No author email provided

Suspicious Page Links

All external links appear legitimate

Git Repository History score 2.5

Git history flags: Repository has zero stars and zero forks

  • Repository has zero stars and zero forks

Maintainer History score 4.0

2 maintainer concern(s) found

  • Author name is missing or very short
  • Author "" appears to have only 1 package on PyPI (new or inactive account)

Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with TigerHarness
Create a mini-application called 'TaskMaster' using the Python package 'TigerHarness'. TaskMaster is designed to streamline daily tasks and improve productivity by leveraging iterative task execution, Slack integration, and persistent memory management capabilities provided by TigerHarness. Here’s a detailed breakdown of what TaskMaster should achieve:

1. **User Authentication**: Implement a simple user authentication system where users can sign up and log in via Slack. This will ensure that only authorized users can access and manage their tasks.
2. **Task Management**: Users should be able to create, view, update, and delete tasks. Each task can have a title, description, due date, and priority level.
3. **Iterative Task Execution**: Utilize TigerHarness's iterative task execution feature to automatically remind users about upcoming tasks and mark them as completed if they meet certain criteria (e.g., if the task has been active for more than a week without updates).
4. **Slack Integration**: Integrate TaskMaster with Slack so that users can interact with it directly from Slack channels. They should be able to add new tasks, receive reminders, and get notifications about task status changes.
5. **Persistent Memory Management**: Use TigerHarness’s persistent memory management to store user data securely and reliably. This ensures that even if the application restarts, all user data remains intact.
6. **Customizable Reminders**: Allow users to set custom reminders for their tasks through Slack messages at specific intervals (daily, weekly, etc.).
7. **Analytics Dashboard**: Develop a simple analytics dashboard within TaskMaster that shows statistics such as total tasks created, average time taken to complete tasks, and most frequent task categories.
8. **API Documentation**: Provide comprehensive API documentation detailing how other applications can integrate with TaskMaster to extend its functionality.

For each feature listed above, describe how you would utilize TigerHarness to implement it effectively. For instance, for task management, detail how you would use TigerHarness to handle task creation, updates, and deletion while ensuring data persistence. Similarly, explain how Slack integration and iterative task execution would be facilitated by TigerHarness.