agent-strace

v0.52.0 suspicious
7.0
High Risk

strace for AI agents. Capture and replay every tool call, LLM request, and decision point.

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package exhibits significant risks associated with shell execution and credential harvesting, raising suspicion about its true intentions. While there's no definitive evidence of malicious activity, the high risk levels suggest further scrutiny is necessary.

  • High shell risk indicating potential for unauthorized command execution
  • High credential risk due to checking sensitive file names and directories

Per-check LLM notes
  • Network: Network calls using urllib suggest the package might be making external requests which could potentially be for legitimate purposes like updating or fetching data, but also pose a risk if misused.
  • Shell: Shell execution patterns indicate the package may perform git operations, which is somewhat expected for a tool related to tracing or monitoring system activities, yet it increases the risk of unauthorized command execution.
  • Obfuscation: No obfuscation patterns were detected.
  • Credentials: High risk of credential harvesting as sensitive file names and directories are being checked.
  • Metadata: Suspicious non-HTTPS link and author details raise concerns, but no clear typosquatting or other severe red flags.

🔬 Heuristic Checks

Outbound Network Calls score 9.0

Found 6 network call pattern(s)

  • te(headers) req = urllib.request.Request(url, data=body, headers=req_headers, method="POST")
  • try: with urllib.request.urlopen(req, timeout=30) as resp: ok = r
  • endencies. All HTTP calls use urllib.request. """ from __future__ import annotations import base64 impo
  • umps(body).encode() req = urllib.request.Request( url, data=data, headers={
  • , ) try: with urllib.request.urlopen(req, timeout=30) as resp: return resp.st
  • te(config.headers) req = urllib.request.Request(url, data=payload, headers=req_headers, method="POST

Code Obfuscation

No obfuscation patterns detected

Shell / Subprocess Execution score 10.0

Found 6 shell execution pattern(s)

  • -> str: result = subprocess.run( ["git"] + list(args), captu
  • th try: result = subprocess.run(command, env=env) return result.returncode final
  • at that time result = subprocess.run( ["git", "-C", repo, "rev-list", "-1", f"--befor
  • to HEAD diff_result = subprocess.run( ["git", "-C", repo, "diff", "--numstat", base_c
  • """ try: result = subprocess.run( ["git", "-C", repo, "rev-list", "-1", f"--befor
  • turn [] diff_result = subprocess.run( ["git", "-C", repo, "diff", "--numstat", base_c

Credential Harvesting score 2.5

Found 1 credential access pattern(s)

  • "id_rsa", "id_ed25519", ".aws/credentials", ".aws/config", ".netrc", ".npmrc", ".pypirc", ".g

Typosquatting

No typosquatting candidates detected

Registered Email Domain

Email domain looks legitimate: gmail.com

Suspicious Page Links score 2.0

Found 1 suspicious link(s) on the package page

  • Non-HTTPS external link: http://collector:4317

Git Repository History

Repository Siddhant-K-code/agent-trace appears legitimate

Maintainer History score 4.0

2 maintainer concern(s) found

  • Author name is missing or very short
  • Author "" appears to have only 1 package on PyPI (new or inactive account)

Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with agent-strace
Create a Python-based debugging tool named 'AgentTracer' that leverages the 'agent-strace' package to monitor and log every action taken by an AI agent within a specified environment. This tool should allow users to capture detailed logs of all interactions between the AI agent and its external tools, including API calls, database queries, and any other forms of data exchange. Additionally, 'AgentTracer' should provide functionality to replay these logged actions to help diagnose issues or reproduce behavior for testing purposes.

### Key Features:
- **Real-time Monitoring:** Continuously track all actions performed by the AI agent in real-time.
- **Detailed Logging:** Store comprehensive logs that include timestamps, action descriptions, parameters, and outcomes.
- **Replay Functionality:** Allow users to selectively replay specific sequences of actions from the logs.
- **Interactive Interface:** Develop a user-friendly interface that enables users to navigate through logs, filter actions based on type or time, and view detailed information about each action.
- **Customizable Outputs:** Provide options to export logs in different formats (JSON, CSV, etc.) for further analysis.

### Utilization of 'agent-strace':
- Use 'agent-strace' to intercept and log every tool call made by the AI agent, ensuring no action goes unrecorded.
- Leverage 'agent-strace' capabilities to trace LLM requests, capturing not only the input but also the context and outcome of each interaction.
- Implement 'agent-strace' to record decision points where the AI agent makes critical choices, providing insights into the reasoning behind those decisions.

### Steps to Build 'AgentTracer':
1. Set up the development environment with Python and install the required packages, including 'agent-strace'.
2. Design the architecture of 'AgentTracer', focusing on how it will integrate with 'agent-strace' to capture and store logs.
3. Implement the real-time monitoring feature using 'agent-strace', ensuring that all actions are accurately recorded.
4. Develop the logging system, which should support storing logs efficiently and securely.
5. Create the replay functionality, allowing users to review past actions as needed.
6. Build an interactive interface that provides an intuitive way to explore and analyze logs.
7. Add customizable output options to cater to different needs for log analysis and reporting.
8. Test 'AgentTracer' thoroughly in various scenarios to ensure reliability and accuracy.
9. Document the usage of 'AgentTracer', including how to integrate it with existing AI systems and how to utilize its advanced features.