AI Analysis
Final verdict: SUSPICIOUS
The package exhibits moderate risk due to potential obfuscation techniques and unclear network activity. While there is no evidence of direct malicious intent such as shell execution or credential theft, the obscurity and lack of active maintenance raise concerns about its true purpose.
- High obfuscation risk
- Unclear network communication
Per-check LLM notes
- Network: The package makes network calls which could indicate legitimate functionality like API interactions, but the specific URLs and context are unclear, raising suspicion.
- Shell: No shell execution patterns detected, suggesting low risk for direct system command execution.
- Obfuscation: The use of base64 decoding with error handling suggests possible obfuscation to hide code logic.
- Credentials: No clear signs of credential harvesting detected.
- Metadata: The maintainer seems new or inactive, and the repository lacks community engagement.
Heuristic Checks
Outbound Network Calls
score 9.0
Found 6 network call pattern(s)
- ent(content_to_save) with httpx.Client() as client: r = client.post( _save_url(
- a new AI window.""" with httpx.Client() as client: if slot_number is not None:
- required", } with httpx.Client() as client: if slot_number is not None:
- on-expired slots.""" with httpx.Client() as client: r = client.get(_list_url(), headers=_HE
- nticated API key.""" with httpx.Client() as client: r = client.get(_limits_url(), headers=_
- ete a named slot.""" with httpx.Client() as client: r = client.delete(_delete_url(slot_name
Code Obfuscation
score 2.0
Found 1 obfuscation pattern(s)
se try: decoded = base64.b64decode(compact, validate=True) except (binascii.Error, ValueErr
Shell / Subprocess Execution
No shell execution patterns detected
Credential Harvesting
No credential harvesting patterns detected
Typosquatting
No typosquatting candidates detected
Registered Email Domain
No author email provided
Suspicious Page Links
All external links appear legitimate
Git Repository History
score 2.5
Git history flags: Repository has zero stars and zero forks
Maintainer History
score 2.0
1 maintainer concern(s) found
Author "A2CR" appears to have only 1 package on PyPI (new or inactive account)
Known CVE Vulnerabilities
No known vulnerabilities found in OSV database.
AI App Starter Prompt
Use this prompt to build a project with a2cr-mcp
Create a mini-application named 'CheckpointHandler' that leverages the 'a2cr-mcp' package to manage encrypted checkpoints for AI agents. This application should allow users to securely store and retrieve checkpoints of their AI agents, ensuring that the data remains encrypted both at rest and during transmission. The application will utilize WorkBaton and WorkStash functionalities provided by 'a2cr-mcp' to facilitate efficient checkpoint management.
Step 1: Set up the environment
- Install Python and necessary libraries including 'a2cr-mcp'.
- Configure the application to use WorkBaton and WorkStash services.
Step 2: Design the User Interface
- Develop a simple command-line interface for interacting with the application.
- Implement options for creating new checkpoints, listing existing checkpoints, and retrieving specific checkpoints.
Step 3: Implement Core Functionality
- Utilize 'a2cr-mcp' to encrypt and decrypt checkpoints using client-side encryption.
- Integrate WorkBaton to manage the lifecycle of tasks related to checkpoint operations.
- Use WorkStash to securely store the encrypted checkpoints.
Step 4: Enhance Security and Usability
- Add support for user authentication to restrict access to checkpoints.
- Implement logging to track all operations performed on checkpoints.
- Provide options for users to delete or archive old checkpoints.
Suggested Features:
- Real-time status updates for ongoing checkpoint operations.
- Support for multiple storage locations with 'a2cr-mcp'.
- Ability to set retention policies for checkpoints.
- Integration with cloud storage providers for backup purposes.
The application should demonstrate the seamless integration of 'a2cr-mcp' into a practical solution, showcasing its capabilities in managing secure and encrypted AI agent checkpoints.