AI Analysis
Final verdict: SUSPICIOUS
The package has a moderate risk score due to potential network and shell risks. While it does not show signs of immediate malicious activity, the use of subprocess calls and unclear network destinations warrant caution.
- network risk 5/10
- shell risk 8/10
Per-check LLM notes
- Network: The network call suggests the package might be performing some form of data conversion or retrieval, which could be legitimate but requires further investigation to confirm its purpose and destination.
- Shell: Executing commands via 'subprocess.run' can indicate the package is designed to perform system-level tasks, potentially moving files or executing scripts, which poses a higher risk if not properly documented and controlled.
- Obfuscation: No obfuscation patterns detected, indicating low risk.
- Credentials: No credential harvesting patterns detected, indicating low risk.
- Metadata: The package shows low maintenance and effort, but there's no direct evidence of malicious intent.
Heuristic Checks
Outbound Network Calls
score 3.0
Found 2 network call pattern(s)
field 1: request req = urllib.request.Request( _CONVERT_URL, data=body,) try: with urllib.request.urlopen(req, timeout=60) as resp: return resp.r
Code Obfuscation
No obfuscation patterns detected
Shell / Subprocess Execution
score 2.0
Found 1 shell execution pattern(s)
try: result = subprocess.run( [ "agent-migrator", "move",
Credential Harvesting
No credential harvesting patterns detected
Typosquatting
No typosquatting candidates detected
Registered Email Domain
Email domain looks legitimate: northeastern.edu>
Suspicious Page Links
All external links appear legitimate
Git Repository History
Repository builderpepc/agent-migrator appears legitimate
Maintainer History
score 6.0
3 maintainer concern(s) found
Author name is missing or very shortAuthor "" appears to have only 1 package on PyPI (new or inactive account)Package has no PyPI classifiers (low effort / metadata quality)
Known CVE Vulnerabilities
No known vulnerabilities found in OSV database.
AI App Starter Prompt
Use this prompt to build a project with agent-migrator
Create a mini-application named 'CodeCompanion' that serves as a bridge for developers working with different AI coding assistants. This application will use the 'agent-migrator' Python package to migrate conversation history seamlessly between various AI coding agents, ensuring that developers can switch between tools without losing context. Step 1: Define the core functionality of 'CodeCompanion'. It should allow users to select two AI coding agents (source and destination) and specify the conversation history they wish to migrate from one agent to another. Users should be able to choose specific conversations or all conversations associated with their account. Step 2: Implement user authentication for both the source and destination AI coding agents. This ensures that only authorized users can access and migrate their conversation histories. Step 3: Utilize the 'agent-migrator' package to handle the migration process. The package should be integrated into your application to facilitate the transfer of conversation data. Ensure that you handle any data format differences between the agents gracefully. Step 4: Develop a user-friendly interface where developers can manage their migrations. This could be a simple command-line interface or a more sophisticated web-based UI depending on your preference and the complexity of the application. Suggested Features: - Support for multiple AI coding agents out-of-the-box. - Real-time progress tracking during migration processes. - Error handling and recovery mechanisms in case of failed migrations. - Option to preview the conversation data before initiating a migration. - Secure storage and transmission of user credentials and conversation data. The goal is to create a tool that not only simplifies the process of switching between AI coding assistants but also enhances the developer experience by preserving valuable conversation history.