AI Analysis
Final verdict: SUSPICIOUS
The package shows moderate risks due to potential credential harvesting and concerns over the maintainer's activity level and history. However, there is no strong evidence of malicious intent.
- Potential risk of credential harvesting
- Low maintainer activity and history
Per-check LLM notes
- Network: The observed network patterns are typical for packages that require internet connectivity to fetch resources or update status.
- Shell: No shell execution patterns detected.
- Obfuscation: No obfuscation patterns detected.
- Credentials: Potential risk of credential harvesting observed in the code snippet.
- Metadata: The repository's low activity and the maintainer's limited history suggest potential unreliability, but no concrete evidence of malicious intent.
Heuristic Checks
Outbound Network Calls
score 6.0
Found 4 network call pattern(s)
try: req = urllib.request.Request(p.base_url, method="GET") urllib.requestrl, method="GET") urllib.request.urlopen(req, timeout=3.0) reach = "reachable"encode("utf-8") req = urllib.request.Request(url, data=payload, headers=headers, method="POST")try: with urllib.request.urlopen(req, timeout=timeout) as resp: respo
Code Obfuscation
No obfuscation patterns detected
Shell / Subprocess Execution
No shell execution patterns detected
Credential Harvesting
score 2.5
Found 1 credential access pattern(s)
rn Path(legacy) tm_home = os.environ.get("TOKEN_METER_HOME") if tm_home: # Write a new file (do
Typosquatting
No typosquatting candidates detected
Registered Email Domain
No author email provided
Suspicious Page Links
All external links appear legitimate
Git Repository History
score 5.0
Git history flags: Repository has zero stars and zero forks
Very few commits: 2 total
Maintainer History
score 2.0
1 maintainer concern(s) found
Author "AliReza Erfan" appears to have only 1 package on PyPI (new or inactive account)
Known CVE Vulnerabilities
No known vulnerabilities found in OSV database.
AI App Starter Prompt
Use this prompt to build a project with agent-delegate
Develop a task automation tool called 'TaskMaster' using the Python package 'agent-delegate'. TaskMaster will allow users to offload simple, repetitive tasks to various AI services efficiently. The application should have a user-friendly command-line interface (CLI) that supports adding new tasks, assigning them to different AI services based on availability and cost, and monitoring their progress.
Key Features:
1. User Registration and Authentication: Allow users to sign up and log in securely.
2. Task Management: Users should be able to add tasks, view a list of all tasks, and mark tasks as completed.
3. Service Integration: Integrate multiple AI services like Claude Code, Codex, Ollama, LM Studio, OpenRouter, and Anthropic Haiku.
4. Cost Estimation: Provide an estimate of the cost for each task based on the chosen service before execution.
5. Progress Tracking: Display real-time updates on task status including start time, completion time, and any errors encountered.
6. Reporting: Generate reports summarizing task performance and costs.
Utilize the 'agent-delegate' package to handle the routing of tasks to different AI services based on the specified criteria. This includes managing communication between the main application and the selected AI backend, handling responses, and providing feedback to the user. The package will streamline the process of integrating multiple AI services, allowing TaskMaster to focus on delivering a seamless user experience.