AI Analysis
Final verdict: SUSPICIOUS
The package is flagged as suspicious due to its potential for executing arbitrary commands and signs of low maintenance effort, although there's no evidence of direct malicious activity.
- Shell risk due to execution of arbitrary commands
- Metadata risk due to low maintainer effort
Per-check LLM notes
- Network: Network calls to external endpoints may indicate legitimate service interactions but also could be used for unauthorized data transfer.
- Shell: Execution of arbitrary commands can pose significant risks if not properly controlled, potentially allowing for system compromise.
- Obfuscation: No obfuscation patterns detected, indicating low risk.
- Credentials: No credential harvesting patterns detected, indicating low risk.
- Metadata: The package shows signs of low effort and could potentially be suspicious due to the lack of maintainer history and missing author information.
Heuristic Checks
Outbound Network Calls
score 6.0
Found 4 network call pattern(s)
json req = urllib.request.Request( webhook_url,) urllib.request.urlopen(req, timeout=1.0) except Exception:e("utf-8") request = urllib.request.Request(self.endpoint, data=data, method="POST") relication/json") with urllib.request.urlopen(request, timeout=60) as response: body
Code Obfuscation
No obfuscation patterns detected
Shell / Subprocess Execution
score 8.0
Found 4 shell execution pattern(s)
ath) -> str: completed = subprocess.run( args, cwd=str(cwd), check=True,be empty.") completed = subprocess.run( command_args, shell=False, cwd=sgs[0]}") completed = subprocess.run( [executable] + args[1:], shell=Fadef run(*args): return subprocess.run( [sys.executable, "-m", "runtime.cli", *args],
Credential Harvesting
No credential harvesting patterns detected
Typosquatting
No typosquatting candidates detected
Registered Email Domain
No author email provided
Suspicious Page Links
All external links appear legitimate
Git Repository History
No GitHub repository linked
No GitHub repository link found
Maintainer History
score 8.0
4 maintainer concern(s) found
- Only one version has ever been released — brand new package
- Author name is missing or very short
- Author "" appears to have only 1 package on PyPI (new or inactive account)
- Package has no PyPI classifiers (low effort / metadata quality)
Known CVE Vulnerabilities
No known vulnerabilities found in OSV database.
AI App Starter Prompt
Use this prompt to build a project with agent-shell-service-runtime
Develop a small yet comprehensive project named 'FileBot' which leverages the 'agent-shell-service-runtime' Python package to manage and manipulate files on a local filesystem via a user-friendly web interface. This application will serve as a versatile file management tool, enabling users to perform common operations such as creating, reading, updating, and deleting files and directories. Additionally, it will support more advanced features like file search, content preview, and basic file conversion capabilities.

### Project Scope:
- **User Interface**: Create a clean, responsive web interface using HTML, CSS, and JavaScript frameworks like React or Vue.js.
- **Backend Service**: Implement a backend service using FastAPI, which interacts with the 'agent-shell-service-runtime' package to handle filesystem operations.
- **Core Features**:
  - User Authentication: Integrate a simple authentication system allowing users to create accounts and log in securely.
  - File Operations: Enable users to upload files, download files, rename files/directories, and delete files/directories.
  - Directory Navigation: Allow users to navigate through different directories within their account's storage space.
  - Search Functionality: Provide a search bar where users can find files by name or content.
  - Content Preview: Display previews of supported file types such as images, documents, and videos.
  - Conversion Tools: Implement basic file conversion tools, such as converting between PDF and image formats.

### Utilization of 'agent-shell-service-runtime':
- Use the package to initialize and manage an agent runtime environment that provides access to the filesystem.
- Leverage the FastAPI service provided by the package to expose endpoints for all file-related operations.
- Ensure that all filesystem interactions are performed securely and efficiently through the service layer.

### Additional Considerations:
- Ensure the application is scalable and can handle multiple concurrent users.
- Implement logging and error handling mechanisms to monitor and debug the application effectively.
- Document the setup process and API endpoints clearly for future maintenance and expansion.

This project aims to demonstrate the power and flexibility of the 'agent-shell-service-runtime' package while providing a useful tool for managing files online.