agent-atm

v1.0.0 suspicious
7.0
High Risk

Agent Token Manager (agent-atm) - A lightweight, privacy-first LLM token usage metering & quota capping SDK.

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package exhibits high shell execution risk and moderate network risk, raising concerns about its legitimacy and potential for unauthorized system actions.

  • High shell risk (8/10) indicating potential for executing unauthorized commands.
  • Moderate network risk (6/10) suggesting possible data exfiltration.
Per-check LLM notes
  • Network: Network calls suggest the package may be sending data to an external server, which could indicate legitimate telemetry or logging but also potential data exfiltration.
  • Shell: Executing shell scripts from within the package is unusual and could be indicative of a backdoor or unauthorized actions being performed on the system.
  • Obfuscation: No obfuscation patterns detected, indicating low risk of malicious activity.
  • Credentials: No credential harvesting patterns detected, indicating low risk of secret theft.
  • Metadata: The package shows signs of low maintainer activity and poor metadata quality, but lacks clear indicators of malicious intent.

🔬 Heuristic Checks

Outbound Network Calls score 7.5

Found 5 network call pattern(s)

  • encode("utf-8") req = urllib.request.Request( url, data=data, headers={"Content-Type"
  • try: with urllib.request.urlopen(req) as resp: return json.loads(resp
  • try: with urllib.request.urlopen(url, timeout=0.5) as resp: if resp.s
  • i/metrics?window=5m" with urllib.request.urlopen(url) as resp: metrics = json.loads(resp.read
  • cs?window={win}" with urllib.request.urlopen(url) as resp: metrics = json.loads(resp.
Code Obfuscation

No obfuscation patterns detected

Shell / Subprocess Execution score 4.0

Found 2 shell execution pattern(s)

  • te post_request.sh res1 = subprocess.run( ["./post_request.sh", atm_server], capture_output=T
  • e post_response.sh res2 = subprocess.run( ["./post_response.sh", atm_server], capture_output=
Credential Harvesting

No credential harvesting patterns detected

Typosquatting

No typosquatting candidates detected

Registered Email Domain

No author email provided

Suspicious Page Links score 2.0

Found 1 suspicious link(s) on the package page

  • Non-HTTPS external link: http://127.0.0.1:8000/api/events
Git Repository History

No GitHub repository linked

  • No GitHub repository link found
Maintainer History score 6.0

3 maintainer concern(s) found

  • Author name is missing or very short
  • Author "" appears to have only 1 package on PyPI (new or inactive account)
  • Package has no PyPI classifiers (low effort / metadata quality)
Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with agent-atm 
Create a personal AI writing assistant application using Python, which leverages the 'agent-atm' package to manage and monitor your interactions with large language models (LLMs). This application will help you write more efficiently by providing suggestions, corrections, and even generating text based on your input. However, it will also ensure that you stay within your budget of API calls to the LLM service, thanks to 'agent-atm'. Here’s a step-by-step guide on how to develop this application:

1. **Setup Your Environment**: Start by setting up your Python environment. Install necessary packages including 'agent-atm', any chosen LLM API client (like OpenAI's), and Flask for the web interface.
2. **Integrate 'agent-atm'**: Use 'agent-atm' to initialize token tracking and set up a quota for your API usage. Configure it to alert you when you're nearing your limit.
3. **Develop Core Features**: Implement core functionalities such as text suggestion, grammar correction, and text generation. These should all use the LLM API but must respect the token limits set by 'agent-atm'.
4. **Design User Interface**: Create a simple yet effective user interface using Flask. This UI should allow users to input text and receive feedback from the AI. Include real-time updates on token usage and remaining quota.
5. **Enhance User Experience**: Add features like history tracking, allowing users to review past interactions. Also, include settings where users can customize their quota limits and notification preferences.
6. **Testing and Optimization**: Rigorously test the application to ensure smooth operation and accurate token management. Optimize performance and refine the user experience based on feedback.
7. **Deployment**: Once satisfied, deploy your application. Ensure it is secure and user-friendly.

This project not only helps users become more efficient writers but also teaches them about responsible usage of AI resources.