AI Analysis
Final verdict: SUSPICIOUS
The package has low technical risks but exhibits significant metadata anomalies such as a lack of maintainer history and low repository engagement, raising concerns about its legitimacy and potential for supply-chain attacks.
- Low repository engagement
- Lack of maintainer history
Per-check LLM notes
- Network: No network calls detected, which is normal if the package does not require internet access.
- Shell: No shell execution patterns detected, indicating no direct system command execution from the package.
- Obfuscation: No obfuscation patterns detected, indicating low risk of malicious activity.
- Credentials: No credential harvesting patterns detected, suggesting no immediate risk of secret theft.
- Metadata: The package shows several red flags including lack of maintainer history, low repository engagement, and potential for a new or inactive account.
Heuristic Checks
Outbound Network Calls
No suspicious network call patterns found
Code Obfuscation
No obfuscation patterns detected
Shell / Subprocess Execution
No shell execution patterns detected
Credential Harvesting
No credential harvesting patterns detected
Typosquatting
No typosquatting candidates detected
Registered Email Domain
Email domain looks legitimate: meok.ai>
Suspicious Page Links
All external links appear legitimate
Git Repository History
score 2.5
Git history flags: Repository has zero stars and zero forks
Repository has zero stars and zero forks
Maintainer History
score 6.0
3 maintainer concern(s) found
Only one version has ever been released — brand new packageAuthor name is missing or very shortAuthor "" appears to have only 1 package on PyPI (new or inactive account)
Known CVE Vulnerabilities
No known vulnerabilities found in OSV database.
AI App Starter Prompt
Use this prompt to build a project with agent-replay-debugger-mcp
Create a Python-based application that leverages the 'agent-replay-debugger-mcp' package to enable developers to debug and audit their autonomous agents effectively. This application should allow users to record the actions of their agents in real-time, store these actions for later replay, and provide deterministic playback to help identify and resolve issues within the agent's decision-making process. Additionally, the app should support exporting the recorded actions as signed audit evidence for compliance and transparency purposes. Key Features: 1. Real-time Recording: Implement a feature that captures each action taken by the agent during its operation. Ensure that the recording includes all relevant data points such as timestamps, states, and outcomes. 2. Deterministic Playback: Develop functionality that allows users to replay the agent's actions exactly as they occurred, ensuring that every step is reproducible and consistent. This will aid in debugging complex scenarios where the issue might not be immediately apparent. 3. Debugging Interface: Provide a user-friendly interface for stepping through the agent's actions one by one. Users should be able to pause, resume, and skip steps to inspect the state of the agent at any given point. 4. Audit Evidence Export: Enable the export of recorded actions as signed audit evidence. This feature should generate tamper-proof records that can be reviewed for compliance checks and audits. Utilization of 'agent-replay-debugger-mcp': - Use the package's core capabilities to handle the recording and replay functionalities seamlessly. Ensure that the application integrates with the package's API to capture and store agent actions efficiently. - Leverage the deterministic replay feature provided by the package to offer precise control over the playback process. This ensures that developers can recreate any scenario exactly as it happened, facilitating thorough analysis. - Employ the audit evidence export mechanism offered by the package to produce reliable and verifiable logs of the agent's activities. This is crucial for maintaining transparency and accountability in the use of autonomous agents.