agent-uniformity

v0.1.0 suspicious
6.0
Medium Risk

Reference implementation for the Agent Almanac Code Uniformity benchmark

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package shows signs of potential misuse through its use of GitHub API interactions and has high metadata risk due to low activity and a single contributor. However, no direct malicious activities were detected.

  • High metadata risk
  • GitHub API interactions

Per-check LLM notes
  • Network: No network calls detected, which is normal and doesn't indicate any risk.
  • Shell: Git commands suggest version control operations, while 'gh api' indicates interaction with GitHub API. These could be legitimate for package maintenance but may also hint at unusual behavior if not documented.
  • Obfuscation: No obfuscation patterns detected, indicating low risk.
  • Credentials: No credential harvesting patterns detected, indicating low risk.
  • Metadata: High risk due to low activity, single contributor, and lack of maintainer history.

🔬 Heuristic Checks

Outbound Network Calls

No suspicious network call patterns found

Code Obfuscation

No obfuscation patterns detected

Shell / Subprocess Execution score 10.0

Found 5 shell execution pattern(s)

  • """ try: out = subprocess.check_output( ["git", "log", "--all", "--format=%H%x00%an%x00
  • """ try: out = subprocess.check_output( ["git", "blame", "--line-porcelain", file_rel],
  • oup(2) try: out = subprocess.check_output( [ "gh", "api", f"repos/{owner}/
  • try: try: subprocess.check_call( ["git", "clone", "--quiet", ti.repo_url, st
  • LL, ) subprocess.check_call( ["git", "checkout", "--quiet", ti.base_sha]

Credential Harvesting

No credential harvesting patterns detected

Typosquatting

No typosquatting candidates detected

Registered Email Domain

Email domain looks legitimate: saucam.dev

Suspicious Page Links

All external links appear legitimate

Git Repository History score 7.5

Git history flags: Repository has zero stars and zero forks

  • Repository has zero stars and zero forks
  • Very few commits: 1 total
  • Single contributor with only 1 commit(s) — possibly throwaway account

Maintainer History score 6.0

3 maintainer concern(s) found

  • Only one version has ever been released — brand new package
  • Author name is missing or very short
  • Author "" appears to have only 1 package on PyPI (new or inactive account)

Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with agent-uniformity
Create a Python-based code analysis tool called 'CodeHarmonizer' that leverages the 'agent-uniformity' package to standardize coding styles across different agents or developers contributing to a single project. The tool should be able to scan through source code files, identify discrepancies in coding styles based on predefined benchmarks from the 'agent-uniformity' package, and suggest or automatically apply corrections to align the code with the uniform standards.

Step-by-Step Instructions:
1. Set up the basic structure of the project, including necessary dependencies such as 'agent-uniformity'.
2. Implement a function to parse input directories containing Python source code files.
3. Use 'agent-uniformity' to define and load the coding style benchmarks.
4. Develop an analysis module that scans the parsed source code against these benchmarks.
5. Create a reporting feature that highlights areas where coding styles differ from the benchmarks.
6. Integrate a correction module that either suggests changes or automatically applies them based on user preferences.
7. Add a configuration option to customize which aspects of coding style are enforced.
8. Ensure the tool supports command-line interface (CLI) usage for easy integration into existing workflows.
9. Include comprehensive documentation and examples demonstrating how to use 'CodeHarmonizer' effectively.

Suggested Features:
- Detailed logging of all changes made during the correction process.
- Support for multiple coding style benchmarks from 'agent-uniformity', allowing flexibility in standardization.
- A GUI frontend for users who prefer visual interfaces over CLI commands.
- Integration with popular version control systems like Git to facilitate review and merge processes.
- Customizable severity levels for warnings and errors during the analysis phase.