agent-memory-labs

v0.1.14 suspicious
7.0
High Risk

Agentic Memory: Structural Code Graph with Neo4j and MCP

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package exhibits multiple red flags including high risks associated with shell execution, obfuscation, and credential handling. These factors, combined with suspicious metadata, suggest potential malicious intent or significant security flaws.

  • High shell execution risk
  • Significant obfuscation
  • Potential credential harvesting
Per-check LLM notes
  • Network: Network calls appear to be for embedding services, which may be legitimate if the package involves AI or data processing.
  • Shell: Shell execution patterns suggest potential for executing arbitrary commands, which could be risky if not properly sanitized or intended for malicious use.
  • Obfuscation: The code shows signs of obfuscation which may indicate an attempt to hide functionality, raising suspicion.
  • Credentials: Multiple instances of AWS credentials being accessed through environment variables suggest potential unauthorized harvesting of sensitive information.
  • Metadata: Suspicious non-HTTPS link and lack of maintainer information suggest potential low effort or inactive project.

🔬 Heuristic Checks

Outbound Network Calls score 4.5

Found 3 network call pattern(s)

  • } response = requests.post( self._gemini_embedding_2_endpoint(),
  • try: with httpx.Client(timeout=10.0) as client: response = client.
  • 0)) try: with httpx.Client(timeout=10.0) as client: resp = client.get(
Code Obfuscation score 2.0

Found 1 obfuscation pattern(s)

  • ._device) self.model.eval() self._uses_native_text_encode = ( ha
Shell / Subprocess Execution score 10.0

Found 5 shell execution pattern(s)

  • ocess[str]: result = subprocess.run( ["git", *args], cwd=self.repo_roo
  • > None: self._proc = subprocess.Popen( command, stdin=subprocess.PIPE,
  • try: completed = subprocess.run( self._config.command, inp
  • try: proc = subprocess.run( cmd, input=script,
  • mbined output.""" proc = subprocess.run( [str(cli), str(db), "-r", "-m", "csv", "-s"],
Credential Harvesting score 10.0

Found 5 credential access pattern(s)

  • "AWS_ACCESS_KEY_ID": bool(os.getenv("AWS_ACCESS_KEY_ID")), "AWS_SECRET_ACCESS_KE
  • "AWS_SECRET_ACCESS_KEY": bool(os.getenv("AWS_SECRET_ACCESS_KEY")), }, "
  • "AWS_ACCESS_KEY_ID": bool(os.getenv("AWS_ACCESS_KEY_ID")), "AWS_SECRET_ACCESS_KEY":
  • "AWS_SECRET_ACCESS_KEY": bool(os.getenv("AWS_SECRET_ACCESS_KEY")), "AWS_PROFILE": bool(o
  • "AWS_PROFILE": bool(os.getenv("AWS_PROFILE")), }, } def to_dict(se
Typosquatting

No typosquatting candidates detected

Registered Email Domain

No author email provided

Suspicious Page Links score 2.0

Found 1 suspicious link(s) on the package page

  • Non-HTTPS external link: http://127.0.0.1:8765
Git Repository History

No GitHub repository linked

  • No GitHub repository link found
Maintainer History score 6.0

3 maintainer concern(s) found

  • Author name is missing or very short
  • Author "" appears to have only 1 package on PyPI (new or inactive account)
  • Package has no PyPI classifiers (low effort / metadata quality)
Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with agent-memory-labs 
Create a knowledge management system named 'CodeMind' using the Python package 'agent-memory-labs'. This system will enable developers to store, retrieve, and analyze their codebase through a structured graph database powered by Neo4j and MCP (Memory Construction Protocol). The application should allow users to upload source code files from various programming languages, parse these files into a structural code graph, and then use this graph to perform queries and analysis on the codebase. Here’s how you can approach building 'CodeMind':

1. **Setup Environment**: Install Python and necessary libraries including 'agent-memory-labs', Neo4j, and any other dependencies required.
2. **File Upload Interface**: Develop a simple web interface where users can upload multiple source code files at once.
3. **Code Parsing and Graph Construction**: Use 'agent-memory-labs' to parse uploaded files and construct a structural code graph. Ensure that the graph captures key elements like functions, classes, variables, and their relationships.
4. **Querying the Graph**: Implement a feature that allows querying the constructed graph to find information such as function definitions, class hierarchies, variable usage, etc. Users should be able to search for specific code elements and get visual representations of their connections within the codebase.
5. **Analysis Tools**: Provide basic analysis tools such as dependency analysis, complexity measurement, and code similarity detection using the graph data.
6. **Visualization**: Integrate a visualization component that displays the graph structure in a user-friendly way, helping developers understand the architecture of their codebase.
7. **Documentation and User Guide**: Prepare comprehensive documentation and a user guide explaining how to use 'CodeMind', including setup instructions, file format requirements, and examples of queries and analyses.

Utilize the 'agent-memory-labs' package effectively throughout the development process to ensure efficient handling of large-scale codebases and accurate representation of code structures in the graph database.