AI Analysis
Final verdict: SUSPICIOUS
The package exhibits significant risks, particularly concerning credential harvesting and shell execution, which could enable unauthorized access and control. The combination of these factors raises suspicion of potential malicious intent.
- High credential risk due to attempts to access sensitive system files.
- Shell execution patterns pose a significant risk for arbitrary code execution.
Per-check LLM notes
- Network: Network calls may be legitimate for downloading updates or dependencies, but require scrutiny to ensure no unauthorized data exfiltration.
- Shell: Shell execution patterns can pose higher risks if commands are not properly sanitized and controlled, suggesting potential for executing arbitrary code.
- Obfuscation: The obfuscation pattern suggests an attempt to hide the JSON loading process, which may indicate an effort to evade detection or analysis.
- Credentials: The code attempts to access '/vault/notes/../../../etc/passwd', likely aiming to retrieve sensitive information, indicating a high risk of credential harvesting.
- Metadata: The maintainer has only one package and the repository is not found, raising some suspicion but not conclusive evidence of malice.
Heuristic Checks
Outbound Network Calls
score 9.0
Found 6 network call pattern(s)
"{url}?{query}" req = urllib.request.Request(url) with urllib.request.urlopen(req, timeouest.Request(url) with urllib.request.urlopen(req, timeout=timeout) as resp: return js(data).encode() req = urllib.request.Request( url, data=body, headers={"Ctry: with urllib.request.urlopen(req, timeout=timeout) as resp: returencode("utf-8") request = urllib.request.Request( target_url, data=payload, h, ) try: with urllib.request.urlopen(request, timeout=10) as response: if 200
Code Obfuscation
score 2.0
Found 1 obfuscation pattern(s)
ath: str) -> dict: return __import__("json").loads(Path(path).read_text(encoding="utf-8")) def run_cro
Shell / Subprocess Execution
score 10.0
Found 6 shell execution pattern(s)
dir, ) proc = subprocess.Popen( cmd, stdout=subprocess.PIPE,t, ) result = subprocess.run( cmd, capture_output=True,) result = subprocess.run( cmd, capture_output=True,) try: result = subprocess.run( ["claude", "auth", "status"], captu) try: result = subprocess.run( ["gh", "auth", "status"], capture_ot.timer...") try: subprocess.run( ["systemctl", "--user", "daemon-reload"],
Credential Harvesting
score 2.5
Found 1 credential access pattern(s)
ent.get("/vault/notes/../../../etc/passwd", headers=_auth_headers()) assert response.status_code
Typosquatting
No typosquatting candidates detected
Registered Email Domain
No author email provided
Suspicious Page Links
All external links appear legitimate
Git Repository History
score 3.0
Repository not found (deleted or private)
Maintainer History
score 2.0
1 maintainer concern(s) found
Author "Martin Rancourt" appears to have only 1 package on PyPI (new or inactive account)
Known CVE Vulnerabilities
No known vulnerabilities found in OSV database.
AI App Starter Prompt
Use this prompt to build a project with agent-forge-installer
Create a mini-application that leverages the 'agent-forge-installer' package to deploy a sophisticated multi-agent system within a Telegram group chat. This application will serve as a personalized assistant for managing tasks, providing information, and engaging in conversation. Here's a detailed breakdown of the project scope and requirements:

1. **Project Overview**: Develop a Telegram bot using the 'agent-forge-installer' package which allows users to interact with multiple agents (each with unique functionalities) through a single interface. These agents can handle different types of requests such as task management, weather updates, news summaries, and more.
2. **Core Features**:
   - **Multi-Agent Architecture**: Implement at least three distinct agents: a Task Manager, a Weather Bot, and a News Bot.
   - **User Interaction**: Enable users to communicate with these agents via commands or natural language processing (NLP) to request information or perform actions.
   - **Dynamic Responses**: Agents should be capable of generating dynamic responses based on user inputs and current data.
   - **Integration Capabilities**: Integrate with external APIs for real-time data fetching (e.g., weather API, news API).
   - **User Management**: Allow users to join and leave the group, as well as manage their interactions with specific agents.
3. **Implementation Steps**:
   - Step 1: Set up your development environment by installing the 'agent-forge-installer' package and setting up a Telegram bot.
   - Step 2: Define the architecture for each agent, including their roles and capabilities.
   - Step 3: Use the 'agent-forge-installer' to initialize and configure your multi-agent system, ensuring it's compatible with the Telegram bot framework.
   - Step 4: Implement the core functionalities for each agent, focusing on user interaction and data processing.
   - Step 5: Test the integration with external APIs and ensure seamless communication between the agents and the Telegram bot.
   - Step 6: Deploy the system and conduct thorough testing in a controlled environment before making it available to end-users.
4. **Expected Outcome**: By the end of this project, you'll have a functional Telegram bot powered by 'agent-forge-installer', capable of handling diverse user requests through a multi-agent system. This project not only showcases the power of AI in creating interactive applications but also demonstrates the versatility of the 'agent-forge-installer' package in building complex systems.