agent-coherence

v0.8.4.1 suspicious
6.0
Medium Risk

Token optimization layer for multi-agent LangGraph systems — cut shared-artifact token costs via MESI cache coherence, one import change

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package shows moderate risks, particularly in shell and credential handling, suggesting it may engage in unusual behaviors or pose a threat to credentials.

  • Shell risk 7/10
  • Credential risk 7/10
Per-check LLM notes
  • Network: The network calls could be legitimate if the package requires external API interactions, but unusual endpoints or headers may indicate potential exfiltration.
  • Shell: The shell execution patterns suggest the package might perform Git operations or run Python scripts, which can be normal but also indicative of unexpected behavior or backdoors.
  • Obfuscation: No obfuscation patterns detected.
  • Credentials: Potential risk of harvesting credentials through unusual file access attempts.
  • Metadata: The author has only one package, which may indicate a new or less active account, but no other red flags were identified.

🔬 Heuristic Checks

Outbound Network Calls score 6.0

Found 4 network call pattern(s)

  • date(extra_headers) req = urllib.request.Request( url=f"{endpoint.base_url}{path}", m
  • date(extra_headers) req = urllib.request.Request( url=f"{endpoint.base_url}{path}", d
  • cute(req) def _execute(req: urllib.request.Request) -> dict[str, Any]: try: with urllib.req
  • , Any]: try: with urllib.request.urlopen(req, timeout=CLI_HTTP_TIMEOUT_SEC) as resp:
Code Obfuscation

No obfuscation patterns detected

Shell / Subprocess Execution score 4.0

Found 2 shell execution pattern(s)

  • """ try: result = subprocess.run( ["git", "-C", str(cwd), *args], che
  • rminal busy. try: subprocess.Popen( [ sys.executable, "-m", "ccs.cl
Credential Harvesting score 5.0

Found 2 credential access pattern(s)

  • ream supplying ``CLAUDE.md -> /etc/passwd`` (or sibling-workspace CLAUDE.md) could yield attacker-c
  • de workspace root** (e.g., ``"/etc/passwd"``) → rejected with ``"path outside workspace root"``
Typosquatting

No typosquatting candidates detected

Registered Email Domain

No author email provided

Suspicious Page Links

All external links appear legitimate

Git Repository History

Repository hipvlady/agent-coherence appears legitimate

Maintainer History score 2.0

1 maintainer concern(s) found

  • Author "Arbiter contributors" appears to have only 1 package on PyPI (new or inactive account)
Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with agent-coherence 
Create a real-time collaborative document editor using the 'agent-coherence' Python package. This application will allow multiple users to edit the same document simultaneously while optimizing token usage through the MESI cache coherence protocol provided by the 'agent-coherence' package. Here’s a detailed breakdown of the project steps and features:

1. **Setup**: Install necessary packages including 'agent-coherence', Flask for the backend, and Socket.IO for real-time communication.
2. **User Interface**: Design a simple, intuitive UI where users can log in or remain anonymous and join a document session.
3. **Document Management**: Implement functionality to create, open, and save documents. Use 'agent-coherence' to manage document state across different user sessions efficiently.
4. **Real-Time Editing**: Enable real-time editing capabilities where changes made by one user are instantly reflected on others' screens. Ensure that 'agent-coherence' minimizes token usage by caching and coherently managing shared artifacts.
5. **Conflict Resolution**: Implement basic conflict resolution mechanisms such as versioning or inline conflict markers to handle simultaneous edits.
6. **Security**: Add security measures like basic authentication to protect user data and ensure only authorized users can access and modify documents.
7. **Testing & Optimization**: Test the application thoroughly, focusing on performance under heavy load conditions and optimize the use of 'agent-coherence' to enhance efficiency.
8. **Documentation**: Provide comprehensive documentation detailing how to set up and use the application, including a section explaining the integration and benefits of 'agent-coherence'.

This project not only showcases the power of 'agent-coherence' in optimizing token usage in multi-agent systems but also demonstrates practical applications in real-world scenarios such as collaborative workspaces.