agent-genesis

v0.0.58 suspicious
8.0
High Risk

Agent Genesis evaluation SDK.

πŸ€– AI Analysis

Final verdict: SUSPICIOUS

The package exhibits significant risks related to network communication and shell execution, which could indicate malicious behavior such as C2 or data exfiltration. Additionally, there are signs of obfuscation, further complicating analysis and increasing suspicion.

  • High network risk
  • High shell execution risk
  • Signs of obfuscation
Per-check LLM notes
  • Network: The observed network calls suggest the package may be communicating with an external server, potentially for purposes like command and control (C2) or data exfiltration.
  • Shell: The use of subprocess to execute shell commands can indicate legitimate functionality but also poses risks for executing arbitrary code, which could be used for malicious activities.
  • Obfuscation: The observed patterns suggest potential obfuscation techniques that may be used to hide code or data, raising concerns about the package's intent.
  • Credentials: No clear evidence of credential harvesting was found in the provided code snippets.
  • Metadata: Suspicious non-HTTPS links and a new maintainer account raise concerns.

πŸ”¬ Heuristic Checks

⚠ Outbound Network Calls score 9.0

Found 6 network call pattern(s)

  • resp: Response = requests.post( f"{self.base_url}/internal/pending-submiss
  • resp: Response = requests.post( f"{self.base_url}/internal/claim-submissio
  • resp: Response = requests.post( f"{self.base_url}/internal/unclaim-submiss
  • head_resp: Response = requests.head(signed_url, timeout=10) content_length: int = i
  • resp: Response = requests.get(signed_url, timeout=timeout) if 400 <= resp
  • resp: Response = requests.post( f"{self.base_url}/internal/eval-update",
⚠ Code Obfuscation score 10.0

Found 6 obfuscation pattern(s)

  • dict[str, bytes]: raw = base64.b64decode(artifact_b64) with zipfile.ZipFile(io.BytesIO(raw)) as
  • "" try: data = base64.b64decode(artifact_base64) return hashlib.sha256(data).hexdig
  • rn artifact_base64 raw = base64.b64decode(artifact_base64) src = zipfile.ZipFile(io.BytesIO(raw),
  • e_data["artifact_size"] = len(base64.b64decode(artifact_b64)) except Exception: phase
  • name: content}.""" raw = base64.b64decode(b64) entries: dict[str, str] = {} with zipfile.Zip
  • ct_from_dir(root) assert base64.b64decode(b64) r = ProblemRegistry(mode=ClientMode.USER, api_ke
⚠ Shell / Subprocess Execution score 10.0

Found 5 shell execution pattern(s)

  • err, "a") proc = subprocess.Popen( cmd, cwd=cwd,
  • ) result = subprocess.run( cmd, cwd=cwd, env=en
  • nts=True, exist_ok=True) subprocess.run( ["uv", "venv", str(venv_dir), "--system-site-packa
  • po_root / "AgentGenesis" subprocess.run( ["uv", "pip", "install", "--python", str(venv_dir
  • ot_dir / "workspace" subprocess.run( ["bash", "-lc", f"cd {workspace_dir} && source
βœ“ Credential Harvesting

No credential harvesting patterns detected

βœ“ Typosquatting

No typosquatting candidates detected

βœ“ Registered Email Domain

No author email provided

⚠ Suspicious Page Links score 4.0

Found 2 suspicious link(s) on the package page

  • Non-HTTPS external link: http://82.157.250.20/problems
  • Non-HTTPS external link: http://your-backend
βœ“ Git Repository History

No GitHub repository linked

  • No GitHub repository link found
⚠ Maintainer History score 2.0

1 maintainer concern(s) found

  • Author "Zane" appears to have only 1 package on PyPI (new or inactive account)
βœ“ Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

πŸ’‘ AI App Starter Prompt

Use this prompt to build a project with agent-genesis 
Create a command-line tool named 'AgentSimulator' using Python that leverages the 'agent-genesis' package to simulate and evaluate various agents in a controlled environment. This tool will allow users to define different types of agents, run simulations where these agents interact based on predefined rules, and evaluate their performance using metrics provided by the 'agent-genesis' SDK. Here’s a detailed breakdown of the project scope and requirements:

1. **Setup**: Begin by installing the necessary packages including 'agent-genesis'. Ensure your development environment is set up properly.
2. **Agent Definition**: Users should be able to define agents through configuration files or directly via command line arguments. Each agent must have attributes like name, initial state, action capabilities, etc.
3. **Simulation Environment**: Develop a simulation environment where agents can interact with each other and their surroundings according to specified rules. This could include scenarios such as resource competition, cooperative tasks, or strategic games.
4. **Execution**: Implement functionality to start, pause, and stop simulations. Users should be able to control the duration of the simulation and the frequency of reporting updates.
5. **Evaluation**: Utilize the 'agent-genesis' package to evaluate the performance of each agent after the simulation concludes. Metrics might include efficiency, adaptability, cooperation level, etc.
6. **Reporting**: At the end of each simulation, generate a report summarizing the performance of all agents involved. This report should be both printed to the console and saved as a file.
7. **Extensibility**: Design the system so it’s easy to add new types of agents and environments in the future without major changes to the existing codebase.
8. **Documentation**: Provide comprehensive documentation detailing how to install and use 'AgentSimulator', as well as examples of different configurations and scenarios.

This project aims to provide a flexible platform for researchers and developers interested in studying agent behaviors under various conditions.