acp-ai

v0.3.0 · verdict: suspicious · risk score: 5.0 · Medium Risk

ACP — AI Control Plane: deterministic governance and execution control for enterprise AI agents.

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package exhibits moderate risk because of its outbound network calls and shell-execution patterns, while its credential-harvesting and obfuscation risk is low. The maintainer's limited presence on PyPI adds to the suspicion.

  • moderate network risk
  • high shell risk
  • low-experience maintainer

Per-check LLM notes
  • Network: Network calls are likely for tool functionality but could indicate external dependencies or updates.
  • Shell: Shell execution for Docker commands suggests local environment management but may pose risks if misused for unintended actions.
  • Obfuscation: No obfuscation patterns detected, indicating low risk.
  • Credentials: No credential harvesting patterns detected, indicating low risk.
  • Metadata: The maintainer has only one package and no associated GitHub repository, which could indicate a less experienced or potentially suspicious actor.

🔬 Heuristic Checks

Outbound Network Calls (score 4.5)

Found 3 network call pattern(s)

  • try: r = requests.get(url, timeout=3) print(f"{label}: OK ({r.status_c
  • _base}/tool-call" r = requests.post(url, json=body, headers=headers, timeout=self._timeout_s)
  • ovals/{trace_id}" r = requests.get(url, headers=self._request_headers(), timeout=self._timeout_

Code Obfuscation

No obfuscation patterns detected

Shell / Subprocess Execution (score 10.0)

Found 6 shell execution pattern(s)

  • r"): try: subprocess.run( ["docker", "compose", "version"],
  • f" JWT: {jd}") rc = subprocess.call(_compose_cmd(*build, "up", "-d"), env=env) if rc != 0:
  • Namespace) -> int: return subprocess.call(_compose_cmd("down"), env=compose_env()) def cmd_status(_:
  • e.Namespace) -> int: rc = subprocess.call(_compose_cmd("ps"), env=compose_env()) if rc != 0:
  • o generate dev JWT keys") subprocess.run( ["openssl", "genrsa", "-out", str(priv), "2048"],
  • apture_output=True, ) subprocess.run( ["openssl", "rsa", "-in", str(priv), "-pubout", "-o

Credential Harvesting

No credential harvesting patterns detected

Typosquatting

No typosquatting candidates detected

Registered Email Domain

No author email provided

Suspicious Page Links

All external links appear legitimate

Git Repository History

No GitHub repository linked

  • No GitHub repository link found

Maintainer History (score 2.0)

1 maintainer concern(s) found

  • Author "SV" appears to have only 1 package on PyPI (new or inactive account)

Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with acp-ai:

Create a mini-application called 'AI Workflow Orchestrator' using the Python package 'acp-ai'. This application will serve as a centralized control plane for managing various AI workflows within an organization. The goal is to demonstrate the package's capabilities in deterministic governance and execution control for enterprise AI agents.

### Application Overview:
- **Centralized Dashboard:** Provide a user-friendly interface where users can manage multiple AI workflows.
- **Workflow Management:** Users should be able to create, edit, delete, and monitor AI workflows.
- **Execution Control:** Implement features to start, pause, resume, and terminate workflow executions.
- **Monitoring & Logging:** Log details of each workflow execution including start time, end time, and any errors encountered.
- **Integration with External Systems:** Integrate the application with external systems such as databases or other services to fetch data needed for AI workflows.

### Key Features:
1. **Dynamic Workflow Creation:** Allow users to define workflows dynamically through a graphical interface or via a configuration file.
2. **Versioning & History:** Maintain a history of all changes made to workflows and allow users to revert to previous versions if necessary.
3. **Real-Time Monitoring:** Display real-time status updates for ongoing workflows.
4. **Error Handling & Notifications:** Automatically notify users about errors during workflow execution and provide suggestions on how to resolve them.
5. **Scalability:** Ensure the application can handle multiple concurrent workflows without performance degradation.

### Utilizing 'acp-ai':
- Use 'acp-ai' for defining and managing the lifecycle of AI workflows. This includes creating, updating, starting, pausing, resuming, and stopping workflows.
- Leverage the package's deterministic governance features to ensure that workflows execute as intended every time, regardless of external factors.
- Implement execution controls provided by 'acp-ai' to manage concurrency and resource allocation for different workflows.
- Utilize logging capabilities from 'acp-ai' to maintain detailed logs of workflow executions for auditing and debugging purposes.

### Deliverables:
- Fully functional mini-application with source code.
- Documentation explaining how the application works and how to use it.
- A short demo video showcasing key features of the application.