agent-venv

v0.1.0 suspicious
6.0
Medium Risk

Run coding-agent CLIs in an isolated profile and workspace.

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package shows signs of potential misuse due to its shell execution commands on macOS, despite having no network calls, obfuscation, or credential harvesting activities. The low activity and unfamiliarity of the maintainer also raise concerns.

  • Shell risk due to subprocess.run usage on macOS
  • Low activity and unfamiliar maintainer
Per-check LLM notes
  • Network: No network calls detected, which is normal and not indicative of malicious activity.
  • Shell: The use of 'subprocess.run' with 'security' command may be legitimate for macOS-specific operations but requires further investigation to ensure it's not being used for unauthorized actions.
  • Obfuscation: No obfuscation patterns detected, indicating low risk.
  • Credentials: No credential harvesting patterns detected, indicating low risk.
  • Metadata: The package is new with minimal activity and the maintainer has limited history, raising some suspicion.

🔬 Heuristic Checks

Outbound Network Calls

No suspicious network call patterns found

Code Obfuscation

No obfuscation patterns detected

Shell / Subprocess Execution score 2.0

Found 1 shell execution pattern(s)

  • try: res = subprocess.run( [ "security",
Credential Harvesting

No credential harvesting patterns detected

Typosquatting

No typosquatting candidates detected

Registered Email Domain

No author email provided

Suspicious Page Links

All external links appear legitimate

Git Repository History score 2.5

Git history flags: Repository has zero stars and zero forks

  • Repository has zero stars and zero forks
Maintainer History score 4.0

2 maintainer concern(s) found

  • Only one version has ever been released — brand new package
  • Author "Jacob Lin" appears to have only 1 package on PyPI (new or inactive account)
Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with agent-venv 
Create a Python-based development environment manager called 'DevEnvWizard' that leverages the 'agent-venv' package to manage multiple isolated coding environments for different projects. DevEnvWizard should allow users to easily create, activate, deactivate, and delete virtual environments tailored for specific coding tasks or projects. Each environment should have its own unique set of dependencies and configurations, ensuring that projects do not interfere with each other. Additionally, DevEnvWizard should provide a feature to switch between these environments seamlessly without the need to manually activate and deactivate them using command line tools. Users should also be able to clone existing environments for similar but slightly different projects, maintaining consistency while allowing for necessary modifications. The application should include a user-friendly interface for managing these environments, and it should generate a report summarizing the current state of all managed environments. Utilize 'agent-venv' to handle the creation and isolation of these environments, ensuring that each one runs in a separate profile and workspace as described in the package documentation.