agent-scaffold-cli

v0.2.255 suspicious
5.0
Medium Risk

Generate runnable AI agent projects from markdown specs in the agent-deployments repo.

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package exhibits moderate risks due to potential shell command execution and credential handling practices. While these activities might be legitimate, they warrant closer scrutiny.

  • Shell risk due to possible external command execution
  • Credential risk due to use of 'keyring' and 'getpass' for password retrieval

Per-check LLM notes

  • Network: The network patterns indicate legitimate use of sockets and urllib for making HTTP requests, possibly for version control or dependency checks.
  • Shell: The shell execution patterns suggest the package may execute external commands, which could pose a risk if not properly sanitized or controlled.
  • Obfuscation: No obfuscation patterns detected.
  • Credentials: The code attempts to retrieve passwords using 'keyring' and 'getpass', which may indicate legitimate password management but could also be used for credential harvesting.
  • Metadata: The package shows minimal engagement from the maintainer and community, raising some suspicion but not definitive evidence of malice.

🔬 Heuristic Checks

Outbound Network Calls score 7.5

Found 5 network call pattern(s)

  • t=6379) try: with socket.create_connection((host, port), timeout=timeout) as sock: sock.sen
  • try: with socket.create_connection((host, port), timeout=timeout): pass
  • twork calls go through :func:`urllib.request.urlopen` so tests can monkeypatch the transport without touc
  • mits/{spec.branch}" req = urllib.request.Request(url, headers={"Accept": "application/vnd.github+json
  • _etag) try: with urllib.request.urlopen(req, timeout=_NETWORK_TIMEOUT_SECONDS) as resp:

Code Obfuscation

No obfuscation patterns detected

Shell / Subprocess Execution score 10.0

Found 6 shell execution pattern(s)

  • rn 0 try: proc = subprocess.run( [*pager.split(), str(chosen)], chec
  • letedProcess[str]: return subprocess.run( cmd, shell=False, capture_output=Tr
  • oad={"cmd": cmd})) proc = subprocess.run(cmd, check=False, capture_output=True, text=True) if on_
  • , msg try: proc = subprocess.run( cmd, cwd=cwd, check=Fal
  • d)})) try: proc = subprocess.run( cmd, cwd=cwd, check=Fal
  • e the parent kill. proc = subprocess.Popen( # noqa: S603 — cmd is list-form, shell=False, callers cont

Credential Harvesting score 10.0

Found 5 credential access pattern(s)

  • e) try: from_kr = keyring.get_password(SERVICE_NAME, name) except keyring.errors.KeyringError a
  • v" try: from_kr = keyring.get_password(SERVICE_NAME, name) except keyring.errors.KeyringError:
  • backend. try: v = keyring.get_password(SERVICE_NAME, DEFAULT_KEY_NAME) if v: cr
  • pass try: return getpass.getpass(prompt).strip() except (EOFError, KeyboardInterrupt) as
  • try: raw = getpass.getpass(f"Enter {m.env_var} ({m.service.id}): ") except

Typosquatting

No typosquatting candidates detected

Registered Email Domain

No author email provided

Suspicious Page Links

All external links appear legitimate

Git Repository History score 2.5

Git history flags: Repository has zero stars and zero forks

  • Repository has zero stars and zero forks

Maintainer History score 2.0

1 maintainer concern(s) found

  • Author "agent-scaffold contributors" appears to have only 1 package on PyPI (new or inactive account)

Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with agent-scaffold-cli:

Your task is to develop a command-line tool called 'AgentCraft' that leverages the 'agent-scaffold-cli' package to streamline the creation of AI agents from markdown specifications found in the 'agent-deployments' repository. This tool will not only facilitate the generation of these agents but also offer additional functionalities to enhance user experience and automation.

Step-by-Step Requirements:
1. **Setup**: Begin by installing 'agent-scaffold-cli' via pip and setting up a virtual environment for your project.
2. **CLI Interface**: Create a CLI interface using Python's argparse module or similar, allowing users to specify actions like 'generate', 'list', and 'update'.
3. **Generate Functionality**: Implement the 'generate' command which takes a specification file path as input and uses 'agent-scaffold-cli' to create the corresponding AI agent project.
4. **List Functionality**: Add a 'list' command that fetches and displays all available agent specifications from the 'agent-deployments' repo, including their descriptions and any other relevant metadata.
5. **Update Functionality**: Introduce an 'update' command to refresh the local copy of the 'agent-deployments' repo, ensuring users have access to the latest agent specifications.
6. **Customization Options**: Allow users to customize certain aspects of the generated agent projects, such as naming conventions or specific configurations, through command-line arguments or configuration files.
7. **Error Handling**: Ensure robust error handling throughout the tool, providing clear and informative messages when issues arise.
8. **Documentation**: Provide comprehensive documentation for your CLI tool, covering installation, basic usage, and advanced customization options.

Suggested Features:
- Integration with version control systems (e.g., Git) for easy management of generated projects.
- Support for multiple output directories for generated projects.
- Option to generate a README.md file summarizing the generated project details.
- Ability to filter the list of available specifications based on tags or categories.
- Enhanced logging for better tracking of operations performed by the CLI tool.