AI Analysis
Final verdict: SUSPICIOUS
The package exhibits significant risks related to network and shell activities, as well as potential obfuscation techniques. These factors suggest a need for closer scrutiny.
- High shell risk due to subprocess execution
- Potential obfuscation with use of 'eval'
Per-check LLM notes
- Network: The package makes network requests which could potentially be used for external communications, raising some suspicion.
- Shell: Subprocess execution is detected, which can be a red flag as it allows the package to execute arbitrary commands on the host system.
- Obfuscation: The presence of 'eval' aliased as 'score' is suspicious and could indicate an attempt to evade detection or execute arbitrary code.
- Credentials: No obvious patterns for harvesting credentials were detected.
- Metadata: Suspicious non-HTTPS link present, but no other red flags.
Heuristic Checks
Outbound Network Calls
score 6.0
Found 4 network call pattern(s)
".join(self._buf) req = urllib.request.Request( url, headers={"User-Agent": "agendaligence-md)"}, ) with urllib.request.urlopen(req, timeout=timeout) as resp: raw = resp.redy).encode("utf-8") req = urllib.request.Request( url, data=data, method="POS), }, ) with urllib.request.urlopen(req, timeout=timeout) as response: # noqa: S310 — f
Code Obfuscation
score 2.0
Found 1 obfuscation pattern(s)
faults(func=cmd_report) # eval (alias of score) p = sub.add_parser("eval", help="Run the
Shell / Subprocess Execution
score 10.0
Found 6 shell execution pattern(s)
le in installed package") subprocess.run([sys.executable, str(script_path)], check=True) def cmd_me\n" try: result = subprocess.run( shlex.split(command), input=stdin,run_script(args): return subprocess.run([sys.executable, str(SCRIPT)] + args, capture_output=True, tn_cli(category): result = subprocess.run( [sys.executable, "-m", "agenda_intelligence.cli", "pletedProcess[str]: res = subprocess.run(CLI + list(args), capture_output=True, text=True, cwd=ROOT,tuple[int, dict]: proc = subprocess.run( [sys.executable, str(GATE), "--anchors", str(ANCHOR
Credential Harvesting
No credential harvesting patterns detected
Typosquatting
No typosquatting candidates detected
Registered Email Domain
No author email provided
Suspicious Page Links
score 2.0
Found 1 suspicious link(s) on the package page
Non-HTTPS external link: http://127.0.0.1:8080/v1/middle-corridor/deal-risk
Git Repository History
Repository vassiliylakhonin/agenda-intelligence-md appears legitimate
Maintainer History
score 2.0
1 maintainer concern(s) found
Author "Vassiliy Lakhonin" appears to have only 1 package on PyPI (new or inactive account)
Known CVE Vulnerabilities
No known vulnerabilities found in OSV database.
AI App Starter Prompt
Use this prompt to build a project with agenda-intelligence-md
Create a strategic risk management tool using Python's 'agenda-intelligence-md' package. This tool will serve as a decision support system for managers and executives to evaluate potential risks associated with AI-driven strategies. The application should include the following features:
1. **Risk Assessment Interface**: A user-friendly interface where users can input details of their AI strategy, including objectives, methods, and potential impacts.
2. **CLI & Web Interface**: Offer both a command-line interface (CLI) and a web-based interface for accessibility.
3. **Automated Risk Analysis**: Use 'agenda-intelligence-md' to validate the input data against predefined JSON schemas and perform automated audits to identify potential strategic risks.
4. **Risk Report Generation**: Generate comprehensive reports detailing identified risks, their severity, and recommendations on mitigation strategies.
5. **Customizable Schemas**: Allow users to customize JSON schemas based on their specific industry or organizational needs.
6. **Integration with External Data Sources**: Provide options to integrate external data sources for more accurate risk assessments.
7. **Dashboard for Monitoring**: Develop a dashboard feature that allows continuous monitoring of ongoing projects and updates risk status in real-time.
Utilize the 'agenda-intelligence-md' package to handle the validation and auditing processes. Ensure that your application demonstrates proficiency in utilizing CLI commands and integrating with the MCP server for real-time analysis. Your goal is to create a versatile tool that enhances decision-making processes in organizations leveraging AI technologies.