AI Analysis
Final verdict: SUSPICIOUS
The package shows moderate risk due to potential shell execution risks from git commands and the maintainer's lack of experience indicated by having only one package and no linked GitHub repository.
- Moderate shell risk from git commands
- Less experienced maintainer with only one package
Per-check LLM notes
- Network: No network calls detected, which is normal unless the package relies on internet resources.
- Shell: Git commands indicate package maintenance or update functionalities but could pose risks if used to execute arbitrary code.
- Metadata: The maintainer has only one package and no GitHub repository link, which may indicate a less experienced or potentially suspicious actor.
Heuristic Checks
Outbound Network Calls
No suspicious network call patterns found
Code Obfuscation
score 2.0
Found 1 obfuscation pattern(s)
"2.0.0", "generated": __import__("datetime").datetime.now().isoformat(), "skills": [] }
Shell / Subprocess Execution
score 10.0
Found 5 shell execution pattern(s)
- test try: subprocess.run(["git", "pull"], cwd=str(target_dir), check=True, capture_ou
- lone try: subprocess.run(["git", "clone", url, str(target_dir)], check=True, capture_
- return try: subprocess.run(["git", "-C", str(tap_path), "add", "."], check=True)
- d", "."], check=True) subprocess.run(["git", "-C", str(tap_path), "commit", "-m", f"Update agent-
- rsion}"], check=True) subprocess.run(["git", "-C", str(tap_path), "push"], check=True) pr
Credential Harvesting
No credential harvesting patterns detected
Typosquatting
No typosquatting candidates detected
Registered Email Domain
No author email provided
Suspicious Page Links
All external links appear legitimate
Git Repository History
No GitHub repository linked
No GitHub repository link found
Maintainer History
score 2.0
1 maintainer concern(s) found
Author "Nava" appears to have only 1 package on PyPI (new or inactive account)
Known CVE Vulnerabilities
No known vulnerabilities found in OSV database.
AI App Starter Prompt
Use this prompt to build a project with agent-skill-kit
Create a personalized task management assistant using the 'agent-skill-kit' Python package. This mini-application will serve as a command-line interface (CLI) tool where users can manage their daily tasks, set reminders, and receive notifications based on their preferences. Here's how you can structure your project:

1. **Setup**: Start by installing the 'agent-skill-kit' package and setting up a basic CLI framework.
2. **Task Management**: Implement functionalities to add, delete, update, and view tasks. Each task should have details like title, description, due date, priority level, etc.
3. **Reminders & Notifications**: Utilize the 'agent-skill-kit' to integrate reminder functionalities. Users should be able to set reminders for specific tasks and receive notifications either via the CLI or through email/SMS.
4. **Customization Options**: Allow users to customize their experience by setting default notification times, choosing preferred notification methods, and more.
5. **Integration with External Services**: Optionally, extend the functionality by integrating with external calendar services like Google Calendar or Outlook to sync tasks and reminders.
6. **Testing & Documentation**: Ensure thorough testing of all functionalities and provide comprehensive documentation on how to use the CLI tool effectively.

By leveraging the 'agent-skill-kit', focus on making the assistant intelligent and user-friendly, capable of understanding natural language commands for task management and customization.