AI Analysis
Final verdict: SUSPICIOUS
The package exhibits high shell risk due to potential unauthorized git cloning, suggesting it may be used for downloading and executing code from external sources. However, there are no direct indicators of malicious activity beyond this.
- High shell risk due to potential unauthorized git cloning.
- Suspicious metadata indicating potential malicious use.
Per-check LLM notes
- Network: No network calls detected, which is normal if the package does not require internet access.
- Shell: The detected shell execution pattern suggests potential unauthorized git cloning, indicating possible malicious intent to download and execute code from external sources.
- Obfuscation: No obfuscation patterns detected, indicating low risk.
- Credentials: No credential harvesting patterns detected, indicating low risk.
- Metadata: The package shows signs of potentially being used for malicious purposes due to the suspicious git repository and maintainer history.
Heuristic Checks
Outbound Network Calls
No suspicious network call patterns found
Code Obfuscation
No obfuscation patterns detected
Shell / Subprocess Execution
score 2.0
Found 1 shell execution pattern(s)
t-skills-")) try: subprocess.run( ["git", "clone", "--depth", "1", repo_url, str(
Credential Harvesting
No credential harvesting patterns detected
Typosquatting
No typosquatting candidates detected
Registered Email Domain
Email domain looks legitimate: jacobbrunson.com
Suspicious Page Links
All external links appear legitimate
Git Repository History
score 5.0
Git history flags:
- Repository has zero stars and zero forks
- Single contributor with only 3 commit(s) — possibly throwaway account
Maintainer History
score 4.0
2 maintainer concern(s) found
- Author name is missing or very short
- Author "" appears to have only 1 package on PyPI (new or inactive account)
Known CVE Vulnerabilities
No known vulnerabilities found in OSV database.
AI App Starter Prompt
Use this prompt to build a project with agent-skills-installer
Create a Python-based command-line tool named 'SkillMigrator' that leverages the 'agent-skills-installer' package to facilitate the management of coding agent skills. This tool should enable users to easily clone coding agent skills from various Git repositories into their local environment, allowing for seamless integration and use within their projects.
Step-by-Step Functionality:
1. Upon launching 'SkillMigrator', the user should be greeted with a menu where they can choose between different actions such as 'Clone Skill', 'List Available Skills', or 'Exit'.
2. If the user selects 'Clone Skill', they will be prompted to enter the URL of the Git repository containing the desired skill. The tool will then utilize the 'agent-skills-installer' package to download and install the specified skill into a predefined directory on the user's system.
3. For 'List Available Skills', the tool should display a list of skills that have been successfully cloned and installed locally, providing information such as the name of the skill, the repository it was cloned from, and its current version.
4. Additionally, include a feature to update existing skills to their latest versions from their respective repositories using the 'agent-skills-installer' package.
5. Ensure that the tool handles errors gracefully, providing meaningful messages to the user when issues arise, such as invalid URLs or network connectivity problems.
6. Finally, provide an option to exit the program cleanly after any action is completed.
Suggested Features:
- Implement a caching mechanism to store metadata about each skill, such as the last time it was updated, to enhance performance and reduce redundant operations.
- Allow users to specify a custom directory for installing skills instead of using the default one.
- Include a help section accessible from the main menu that explains how to use each feature of the tool.
- Add support for multiple Git authentication methods, such as username/password, SSH keys, or OAuth tokens, to ensure compatibility with various Git hosting services.
How 'agent-skills-installer' is Utilized:
- The 'agent-skills-installer' package is primarily used to handle the cloning process of skills from Git repositories. It abstracts away the complexities of interacting directly with Git, making it easier to focus on other aspects of the application such as user interface design and error handling. By leveraging this package, you can ensure that skills are cloned securely and efficiently.