agedum

v0.25.0 suspicious
5.0
Medium Risk

Drive any agent CLI from an agent-neutral source shape (AGENTS.md + .agents/skills), translating per harness at launch.

πŸ€– AI Analysis

Final verdict: SUSPICIOUS

The package shows moderate risks with notable concerns around shell execution and potential credential misuse. While not conclusive evidence of malicious intent, these factors warrant caution.

  • High shell risk due to unvalidated command execution
  • Potential credential risk from suspicious file paths
Per-check LLM notes
  • Network: The network calls seem to be making HTTP requests which could be part of normal package functionality but should be scrutinized for unexpected external communications.
  • Shell: The use of subprocess.run for git operations might be legitimate if the package is intended for Git project management, but it poses a risk if it executes commands without proper validation or sanitization.
  • Obfuscation: No obfuscation patterns detected in the code.
  • Credentials: Suspicious file paths referenced in error handling suggest potential misuse, but further investigation is needed to confirm if it's legitimate testing or actual credential harvesting.
  • Metadata: The maintainer seems new or inactive, and the repository lacks community engagement.

πŸ”¬ Heuristic Checks

⚠ Outbound Network Calls score 6.0

Found 4 network call pattern(s)

  • + self.path request = urllib.request.Request( url, data=body or None, headers=headers
  • try: response = urllib.request.urlopen(request) # noqa: S310 (trusted upstream URL)
  • ) as proxy: request = urllib.request.Request( proxy.base_url + "/v1/messages",
  • POST", ) with urllib.request.urlopen(request) as response: assert response.st
βœ“ Code Obfuscation

No obfuscation patterns detected

⚠ Shell / Subprocess Execution score 10.0

Found 6 shell execution pattern(s)

  • return False result = subprocess.run( ["git", "-C", str(project_root), "ls-files", "--err
  • t: str) -> bool: result = subprocess.run( ["git", "-C", str(project_root), "ls-files", "--err
  • None try: return subprocess.run(argv, stdin=stdin).returncode except FileNotFoundError a
  • f _git_init_commit(root): subprocess.run(["git", "init", "-q", str(root)], check=True) subprocess
  • , str(root)], check=True) subprocess.run(["git", "-C", str(root), "add", "-A"], check=True) subpr
  • "add", "-A"], check=True) subprocess.run( [ "git", "-C",
⚠ Credential Harvesting score 2.5

Found 1 credential access pattern(s)

  • or bad in ("../escape.json", "/etc/passwd", "a/../../b.json"): with pytest.raises(ProviderErr
βœ“ Typosquatting

No typosquatting candidates detected

βœ“ Registered Email Domain

No author email provided

βœ“ Suspicious Page Links

All external links appear legitimate

⚠ Git Repository History score 2.5

Git history flags: Repository has zero stars and zero forks

  • Repository has zero stars and zero forks
⚠ Maintainer History score 2.0

1 maintainer concern(s) found

  • Author "Alice Voland" appears to have only 1 package on PyPI (new or inactive account)
βœ“ Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

πŸ’‘ AI App Starter Prompt

Use this prompt to build a project with agedum 
Create a versatile command-line tool using the 'agedum' package that allows users to manage and execute various AI agents' commands in a unified manner. This tool will serve as a bridge between different AI agent interfaces, enabling seamless interaction without needing to understand each agent's specific command syntax. Here’s how your project will work:

1. **Project Overview**: Develop a CLI tool named 'AgentBridge'. This tool should support multiple AI agents, such as ChatGPT, Claude, and others, by abstracting their unique command structures into a standardized format.
2. **Core Features**:
   - **Agent Configuration**: Users can add, remove, and configure supported agents through AGENTS.md and .agents/skills files.
   - **Command Execution**: Execute commands across different agents using a common syntax, allowing for easy integration and testing of various AI services.
   - **Output Standardization**: Ensure all outputs from different agents are presented in a consistent format for easier comparison and analysis.
3. **Utilizing 'agedum'**:
   - Use 'agedum' to translate the standardized command inputs into the specific formats required by each agent during runtime.
4. **Development Steps**:
   - **Setup Environment**: Install necessary packages including 'agedum', set up the project structure, and create the initial AGENTS.md file.
   - **Define Agents**: Populate the .agents/skills directory with skill definitions for each supported agent.
   - **CLI Development**: Build the CLI interface using Python, incorporating argparse or click for command parsing.
   - **Command Handling**: Implement logic to handle commands based on the current configuration, utilizing 'agedum' for translation.
   - **Testing**: Test the application thoroughly with various agents and commands to ensure reliability and consistency.
5. **Additional Enhancements**:
   - Support for adding custom agents by users.
   - Detailed logging and error handling for better user experience and debugging.
6. **Deliverables**: A fully functional CLI tool capable of managing and executing commands across multiple AI agents, along with comprehensive documentation explaining setup, usage, and customization options.