AI Analysis
Final verdict: SUSPICIOUS
The package exhibits a moderate risk level due to its potential to execute arbitrary shell commands, despite showing no signs of obfuscation or credential harvesting. The author's limited history with PyPI adds some uncertainty.
- moderate shell execution risk
- author has only one published package
Per-check LLM notes
- Network: The network call pattern suggests the package may be performing legitimate operations like downloading resources.
- Shell: The shell execution pattern indicates potential for executing arbitrary commands which could be used for malicious purposes if not properly controlled.
- Obfuscation: No obfuscation patterns detected, indicating low risk.
- Credentials: No credential harvesting patterns detected, indicating low risk.
- Metadata: The author has only one package, which may indicate a new or less active account.
Heuristic Checks
Outbound Network Calls
score 3.0
Found 2 network call pattern(s)
bject]: try: with urllib.request.urlopen(url, timeout=timeout) as response: paylo> Path: try: with urllib.request.urlopen(url, timeout=timeout) as response, target.open(
Code Obfuscation
No obfuscation patterns detected
Shell / Subprocess Execution
score 2.0
Found 1 shell execution pattern(s)
try: completed = subprocess.run( args, cwd=cwd, text=Tru
Credential Harvesting
No credential harvesting patterns detected
Typosquatting
No typosquatting candidates detected
Registered Email Domain
No author email provided
Suspicious Page Links
All external links appear legitimate
Git Repository History
Repository omry/agent-skill-installer appears legitimate
Maintainer History
score 2.0
1 maintainer concern(s) found
Author "Omry Yadan" appears to have only 1 package on PyPI (new or inactive account)
Known CVE Vulnerabilities
No known vulnerabilities found in OSV database.
AI App Starter Prompt
Use this prompt to build a project with agent-skill-installer
Create a fully-functional mini-application named 'SkillCraft' that leverages the 'agent-skill-installer' package to manage and install various AI agent skills into a user's environment. SkillCraft will serve as a versatile platform where users can discover, install, and manage different skills tailored for their AI agents. The application should provide an intuitive interface for users to browse available skills, review skill descriptions, and install them seamlessly using the 'agent-skill-installer' package. Key Features: 1. **Skill Discovery**: Users should be able to search for skills by name or category, and view details about each skill including a description, version, and dependencies. 2. **Installation Management**: Implement a feature that allows users to install selected skills using the 'agent-skill-installer' package. This process should handle all aspects of installation, such as downloading, extracting, and configuring the skill according to its requirements. 3. **Skill Updates**: Include functionality to check for updates on installed skills and offer an option to update them through the application. 4. **Skill Uninstallation**: Provide an easy way for users to uninstall skills they no longer need, ensuring all related files and configurations are properly removed. 5. **User Profiles**: Allow users to create profiles where they can save their preferred skills and track their installed ones. 6. **Community Contributions**: Integrate a system where users can contribute new skills or improvements to existing ones, enhancing the community-driven nature of the application. The 'agent-skill-installer' package is utilized throughout the application to ensure seamless installation, updating, and uninstallation processes for skills. Your task is to design and implement these features in a Python-based application, making sure to document your code thoroughly and include comments explaining how each part interacts with the 'agent-skill-installer'. Additionally, ensure the application is well-structured, adhering to best practices in software development.