AI Analysis
Final verdict: SUSPICIOUS
The package shows signs of potential obfuscation and lacks a substantial development history, raising concerns about its intentions. However, it does not exhibit behaviors typically associated with malicious activities such as network calls or credential harvesting.
- Obfuscation risk due to zlib decompression
- Limited maintainer activity and history
Per-check LLM notes
- Network: No network calls detected, indicating low risk.
- Shell: Shell execution is used for process and file handling, which could be benign but requires further investigation into the package's purpose.
- Obfuscation: The presence of zlib decompression suggests potential obfuscation or encoding practices, raising some concern.
- Credentials: No clear patterns indicating credential harvesting were detected.
- Metadata: The package is newly created with minimal activity and the maintainer has limited history, raising suspicion but not conclusive evidence of malintent.
Heuristic Checks
Outbound Network Calls
No suspicious network call patterns found
Code Obfuscation
score 2.0
Found 1 obfuscation pattern(s)
annels try: raw = zlib.decompress(bytes(compressed)) except zlib.error as exc: rai
Shell / Subprocess Execution
score 6.0
Found 3 shell execution pattern(s)
return [] proc = subprocess.run( [pgrep, "-P", str(pid)], capture_output=Truvailable on PATH") proc = subprocess.run( [lsof, "-p", str(pid)], capture_output=Truestr]: try: proc = subprocess.run( args, input=input_text,
Credential Harvesting
No credential harvesting patterns detected
Typosquatting
No typosquatting candidates detected
Registered Email Domain
No author email provided
Suspicious Page Links
All external links appear legitimate
Git Repository History
score 2.5
Git history flags: Repository has zero stars and zero forks
Repository has zero stars and zero forks
Maintainer History
score 6.0
3 maintainer concern(s) found
Only one version has ever been released — brand new packagePackage is very new: uploaded 3 day(s) agoAuthor "NeonWatty" appears to have only 1 package on PyPI (new or inactive account)
Known CVE Vulnerabilities
No known vulnerabilities found in OSV database.
AI App Starter Prompt
Use this prompt to build a project with agent-conveyor
Create a Python-based local task management application named 'TaskMover' that leverages the 'agent-conveyor' package to manage and execute tasks efficiently. TaskMover will serve as a simple yet powerful tool for users to define, schedule, and monitor their tasks locally. The application should have the following core functionalities: 1. **Task Definition**: Users can define tasks with specific parameters such as task name, description, execution command, and dependencies. 2. **Task Scheduling**: Tasks can be scheduled to run at specific times or after certain events occur. 3. **Task Execution**: Utilize 'agent-conveyor' to manage the execution of these tasks in a controlled environment, ensuring they run without interfering with other processes. 4. **Monitoring and Reporting**: Provide real-time monitoring of task status (queued, running, completed, failed) and generate reports on task performance and outcomes. 5. **Dependency Management**: Handle dependencies between tasks, ensuring that dependent tasks only start once all prerequisites are completed successfully. 6. **User Interface**: Develop a basic command-line interface (CLI) for user interaction, allowing them to easily add, modify, delete, and view tasks. To achieve these goals, you will need to utilize the 'agent-conveyor' package to set up a local agent that manages the execution of tasks. This involves creating workers that can handle individual tasks, setting up a conveyor belt system to queue tasks, and implementing a control plane to manage the workflow. Ensure that the application is modular and well-documented, making it easy for others to extend its functionality or integrate it into larger systems.