agent-handoff-certified-mcp

v1.0.6 suspicious
4.0
Medium Risk

Verifiable agent-to-agent task handoff with signed provenance chain. Initiating agent signs the offer, accepting agent signs acceptance, chain is verifiable offline. Non-repudiable A2A delegation.

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package shows minimal direct risks but lacks maintainer metadata and repository activity, raising concerns about its legitimacy and potential supply-chain compromise.

  • Missing maintainer metadata
  • No repository activity
Per-check LLM notes
  • Network: No network calls detected, which is normal if the package does not require external communications.
  • Shell: No shell execution patterns detected, indicating no immediate signs of executing system commands.
  • Obfuscation: No obfuscation patterns detected, indicating low risk of malicious activity related to code obfuscation.
  • Credentials: No credential harvesting patterns detected, indicating low risk of malicious credential theft.
  • Metadata: The maintainer's author name is missing, and the repository has no activity which raises suspicion.

🔬 Heuristic Checks

✓ Outbound Network Calls

No suspicious network call patterns found

✓ Code Obfuscation

No obfuscation patterns detected

✓ Shell / Subprocess Execution

No shell execution patterns detected

✓ Credential Harvesting

No credential harvesting patterns detected

✓ Typosquatting

No typosquatting candidates detected

✓ Registered Email Domain

Email domain looks legitimate: meok.ai

✓ Suspicious Page Links

All external links appear legitimate

⚠ Git Repository History score 2.5

Git history flags: Repository has zero stars and zero forks

  • Repository has zero stars and zero forks
⚠ Maintainer History score 4.0

2 maintainer concern(s) found

  • Author name is missing or very short
  • Author "" appears to have only 1 package on PyPI (new or inactive account)
✓ Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with agent-handoff-certified-mcp
Create a Python-based mini-application called 'TaskMCP' that leverages the 'agent-handoff-certified-mcp' package to facilitate secure, verifiable task handoffs between agents in a decentralized environment. This application will serve as a proof-of-concept for non-repudiable A2A (Agent-to-Agent) delegation using cryptographic signatures and a provenance chain. Here's a detailed breakdown of the application requirements and steps to implement it:

1. **Setup Environment**: Ensure you have Python installed along with the 'agent-handoff-certified-mcp' package. If not already installed, use pip to install the package.

2. **Define Agents**: Each agent within the system will have a unique identifier and the ability to sign and verify messages using their private/public key pair. Use the 'agent-handoff-certified-mcp' package to manage these cryptographic operations.

3. **Task Offering**: Implement a feature where an initiating agent can offer a task to another agent. This offer must be signed by the initiating agent and include details such as the task description, deadline, and any necessary resources.

4. **Task Acceptance**: The accepting agent should be able to view the offered task, sign an acceptance if they agree to take on the task, and send this back to the initiating agent. Both the offer and acceptance should be stored in a verifiable provenance chain.

5. **Provenance Chain Management**: Utilize the 'agent-handoff-certified-mcp' package to maintain and verify the integrity of the provenance chain. This chain should be accessible for offline verification to ensure non-repudiation.

6. **User Interface**: Develop a simple command-line interface (CLI) for users to interact with the TaskMCP application. This interface should allow agents to view available tasks, accept offers, and check the status of the provenance chain.

7. **Testing**: Create test cases to validate the functionality of the application, focusing on the security aspects such as the correct signing and verification of offers and acceptances, and the integrity of the provenance chain.

8. **Documentation**: Provide clear documentation on how to set up the environment, run the application, and understand the flow of task handoffs within the system.

Optional Features:
- Implement a notification system for when new tasks are offered or accepted.
- Allow for the delegation of tasks to multiple agents in a hierarchical structure.
- Incorporate a dispute resolution mechanism where conflicts over task ownership can be resolved through the provenance chain.