agent-dispatch

v0.6.0 suspicious
7.0
High Risk

MCP server that lets Claude Code agents delegate tasks to agents in other project directories

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package exhibits high shell and credential risks, indicating potential misuse for unauthorized system actions and credential harvesting. However, no direct evidence of malicious activity is found.

  • High shell risk due to subprocess execution
  • High credential risk with suspicious file paths and hardcoded strings
Per-check LLM notes
  • Network: No network calls detected, which is neutral.
  • Shell: Subprocess execution commands may indicate the package performs system tasks, but without context, there's a concern it could be used for unauthorized actions.
  • Obfuscation: No obfuscation patterns detected.
  • Credentials: Suspicious file paths and hardcoded strings may indicate potential credential harvesting activities.
  • Metadata: The maintainer has only one package, which might indicate a new or less active account.

🔬 Heuristic Checks

Outbound Network Calls

No suspicious network call patterns found

Code Obfuscation

No obfuscation patterns detected

Shell / Subprocess Execution score 10.0

Found 5 shell execution pattern(s)

  • serve"], }) result = subprocess.run( ["claude", "mcp", "add-json", "agent-dispatch", mcp
  • try: result = subprocess.run( [claude_path, "mcp", "list"],
  • try: proc = subprocess.run( cmd, cwd=str(agent.director
  • out) try: proc = subprocess.Popen( cmd, cwd=str(agent.directory),
  • h argument # lists (never shell=True); see runner._build_command and the arg-injection # gua
Credential Harvesting score 7.5

Found 3 credential access pattern(s)

  • ../secret", "../../etc/passwd", "ABCDEF0123456789abcdef0123456789", # upperc
  • assert store.get("../../etc/passwd") is None def test_path_raises_on_invalid_id(self, sto
  • server.dispatch_cancel("../../etc/passwd") assert "Invalid ref" in json.loads(raw)["error"]
Typosquatting

No typosquatting candidates detected

Registered Email Domain

No author email provided

Suspicious Page Links

All external links appear legitimate

Git Repository History

Repository ginkida/agent-dispatch appears legitimate

Maintainer History score 2.0

1 maintainer concern(s) found

  • Author "ginkida" appears to have only 1 package on PyPI (new or inactive account)
Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with agent-dispatch 
Create a task delegation mini-app using the 'agent-dispatch' Python package that enables efficient task distribution among various agents located in different project directories. Your goal is to build a system where a central dispatcher agent can send tasks to specialized agents based on their capabilities and availability. This app will simulate a real-world scenario where multiple microservices collaborate to achieve a common goal.

### Key Features:
- **Task Registration**: Agents register themselves with the dispatcher upon startup, indicating their capabilities and current load.
- **Dynamic Task Assignment**: The dispatcher intelligently assigns incoming tasks to the most suitable agent based on predefined criteria such as expertise, current workload, and response time.
- **Status Updates**: Agents periodically update the dispatcher about their status (busy/idle) and completion of assigned tasks.
- **Error Handling**: Implement robust error handling mechanisms to manage scenarios like failed task execution or agent unavailability.
- **Logging and Monitoring**: Integrate logging to track task assignments, execution times, and any errors encountered during task processing.
- **User Interface**: Develop a simple web interface using Flask or Django to monitor the task flow, agent status, and task outcomes.

### Utilization of 'agent-dispatch':
- Use the 'agent-dispatch' package to set up the MCP server responsible for managing the registration of agents, task assignment, and status updates.
- Leverage the package’s features to facilitate seamless communication between the dispatcher and the agents across different directories.
- Ensure that your implementation demonstrates the flexibility and scalability of the 'agent-dispatch' package by showcasing its ability to handle a growing number of agents and tasks.