AI Analysis
Final verdict: SUSPICIOUS
The package exhibits significant risks due to its potential for shell and obfuscation abuse, along with credential harvesting attempts. While it may not indicate direct malicious intent, the combination of these risks is concerning and could potentially be leveraged in a supply-chain attack.
- High shell risk due to use of os.system and subprocess.Popen
- High obfuscation risk from functions like eval(), exec(), and pickle.loads()
Per-check LLM notes
- Network: The use of requests to post to Google OAuth token endpoint suggests legitimate authentication purposes.
- Shell: The detection of functions like os.system and subprocess.Popen indicates potential for arbitrary command execution, which is highly risky unless explicitly documented and necessary.
- Obfuscation: The presence of functions like eval(), exec(), and pickle.loads() suggests potential for code injection and obfuscation, which can be used for malicious purposes.
- Credentials: The specified file paths include sensitive system files and AWS/Kubernetes configuration files, indicating a high risk of attempting to harvest credentials or secrets.
- Metadata: The package shows low effort in maintaining metadata and the author's anonymity raises some concerns, but there are no direct indicators of malicious intent.
Heuristic Checks
Outbound Network Calls
score 1.5
Found 1 network call pattern(s)
requests response = requests.post( "https://oauth2.googleapis.com/token", data
Code Obfuscation
score 6.0
Found 3 obfuscation pattern(s)
# Direct function calls: eval(), exec(), compile() if isinstance(node.func, ast.Namarshal", "loads"): ("high", "marshal.loads() — code object deserialization"), ("marshal", "load"):"pickle", "loads"): ("high", "pickle.loads() — deserialization attack vector"), ("pickle", "load"):
Shell / Subprocess Execution
score 10.0
Found 6 shell execution pattern(s)
os", "system"): ("critical", "os.system() — arbitrary command execution"), ("os", "popen"): ("cr) # Attribute calls: os.system(), subprocess.Popen() if isinstance(node.func, ast.A"os", "popen"): ("critical", "os.popen() — arbitrary command execution"), ("os", "exec"): ("cribprocess", "call"): ("high", "subprocess.call() — command execution"), ("subprocess", "Popen"): ("highprocess", "Popen"): ("high", "subprocess.Popen() — command execution"), ("subprocess", "run"): ("mediumprocess", "run"): ("medium", "subprocess.run() — command execution"), ("subprocess", "check_call"): (
Credential Harvesting
score 7.5
Found 3 credential access pattern(s)
= _SENSITIVE_PATHS = [ r"/etc/passwd", r"/etc/shadow", r"/etc/sudoers", r"/etc/cront= [ r"/etc/passwd", r"/etc/shadow", r"/etc/sudoers", r"/etc/crontab", r"~/.ssh",env", r"\.secret", r"\.aws/credentials", r"\.aws/config", r"\.kube/config", r"id_rsa",
Typosquatting
No typosquatting candidates detected
Registered Email Domain
No author email provided
Suspicious Page Links
All external links appear legitimate
Git Repository History
Repository Citedy/adclaw appears legitimate
Maintainer History
score 6.0
3 maintainer concern(s) found
- Author name is missing or very short
- Author "" appears to have only 1 package on PyPI (new or inactive account)
- Package has no PyPI classifiers (low effort / metadata quality)
Known CVE Vulnerabilities
No known vulnerabilities found in OSV database.
AI App Starter Prompt
Use this prompt to build a project with adclaw
Develop a social media marketing automation tool named 'AdClawMaster' using the 'adclaw' Python package. This tool will manage multiple social media accounts across various platforms like Facebook, Instagram, Twitter, and LinkedIn. The goal is to streamline content creation, scheduling, analysis, and engagement while ensuring all agents have access to shared insights and strategies.

Steps to develop AdClawMaster:

1. **Setup and Configuration**: Initialize the project with necessary dependencies including 'adclaw'. Configure API keys and tokens for each supported platform from your social media accounts.
2. **Agent Creation**: Use 'adclaw' to create different types of agents such as Content Creator, Scheduler, Engagement Bot, and Analyst. Each agent will specialize in one area but share information through a centralized shared memory system provided by 'adclaw'.
3. **Content Management**: Implement functionality where the Content Creator agent generates posts based on predefined templates and current trends. These posts are then reviewed and scheduled by the Scheduler agent according to optimal posting times determined by historical data.
4. **Engagement Automation**: Set up the Engagement Bot to automatically respond to comments, messages, and mentions. This bot will use shared insights about customer preferences and behaviors to tailor responses.
5. **Performance Analysis**: Utilize the Analyst agent to gather performance metrics from each post and campaign. Analyze these metrics in real-time and adjust future strategies accordingly. Ensure that all agents can access these analytics for better decision-making.
6. **User Interface**: Develop a simple yet effective web-based interface where users can configure settings, monitor activities, and receive notifications about important events. This UI will serve as a dashboard for managing all aspects of the marketing efforts.
7. **Testing and Optimization**: Thoroughly test each component of AdClawMaster to ensure seamless integration and functionality. Continuously refine algorithms and strategies based on feedback and performance data.
8. **Deployment**: Once testing is complete, deploy AdClawMaster to a cloud service or local server depending on user preference. Provide documentation and support for easy setup and usage.