AI Analysis
Final verdict: SUSPICIOUS
The package shows moderate risks due to network and obfuscation activities, though it lacks clear signs of malicious intent. The maintainer's limited history and the presence of a non-HTTPS link add to the suspicion.
- moderate network risk
- potential obfuscation
- non-HTTPS link in metadata
- maintainer's limited PyPI history
Per-check LLM notes
- Network: Network calls suggest the package interacts with an external API, which is not inherently suspicious but should be verified against the package's intended functionality.
- Shell: Shell execution for retrieving git hash might be used for versioning or logging purposes, but could also indicate less benign activities if the command is misused.
- Obfuscation: Base64 decoding is commonly used for obfuscation but could also be part of normal functionality, such as handling encrypted or compressed data.
- Credentials: No clear evidence of credential harvesting patterns detected.
- Metadata: The presence of a non-HTTPS link and the maintainer's limited history with PyPI raise some concerns, but there are no clear signs of typosquatting or active malice.
Heuristic Checks
Outbound Network Calls
score 9.0
Found 6 network call pattern(s)
- t(payload: dict[str, Any]) -> urllib.request.Request: """Create an OpenRouter urllib request."""
- urllib request.""" return urllib.request.Request( OPENROUTER_API_URL, data=json.dumps
- d().""" try: with urllib.request.urlopen( _openrouter_request(payload),
- try: with urllib.request.urlopen( _openrouter_request(payload),
- ("/") try: resp = httpx.get(f"{server_root}/health", timeout=5.0) if resp.status
- return async with httpx.AsyncClient(timeout=120.0) as client: print(f"Sending {count} re
Code Obfuscation
score 4.0
Found 2 obfuscation pattern(s)
- data=base64.b64decode(b64_data), url=None,
- path.write_bytes(base64.b64decode(source["data"])) if str(media_type).startswith("
Shell / Subprocess Execution
score 2.0
Found 1 shell execution pattern(s)
try: git_hash = subprocess.check_output( ["git", "rev-parse", "--short", "HEAD"],
Credential Harvesting
No credential harvesting patterns detected
Typosquatting
No typosquatting candidates detected
Registered Email Domain
No author email provided
Suspicious Page Links
score 2.0
Found 1 suspicious link(s) on the package page
Non-HTTPS external link: http://127.0.0.1:8082
Git Repository History
Repository tsilva/agentbridge appears legitimate
Maintainer History
score 4.0
2 maintainer concern(s) found
- Only one version has ever been released — brand new package
- Author "tsilva" appears to have only 1 package on PyPI (new or inactive account)
Known CVE Vulnerabilities
No known vulnerabilities found in OSV database.
AI App Starter Prompt
Use this prompt to build a project with agentbridge-py
Create a versatile code generation tool named 'CodeMentor' using the Python package 'agentbridge-py'. This tool will serve as an interface between various AI coding assistants like Claude Code SDK, Codex CLI, and OpenRouter, allowing users to generate code snippets based on their input prompts. The application should support the following functionalities:
1. User Input Interface: Provide a simple command-line interface where users can input their coding problems or requirements.
2. Code Generation: Based on the user's input, the application should generate relevant code snippets from any of the supported AI coding assistants.
3. Output Display: Show the generated code snippet(s) back to the user.
4. Assistant Selection: Allow users to choose which AI coding assistant they prefer for generating the code.
5. Error Handling: Implement basic error handling to manage issues such as incorrect inputs or connectivity problems.
6. Documentation: Include a help section detailing how to use the tool effectively and what each feature does.
To utilize 'agentbridge-py', you'll need to integrate its core functions to communicate with the selected AI coding assistants. Ensure that your implementation demonstrates a good understanding of the package's capabilities and limitations, showcasing its ability to bridge different AI services seamlessly. This project aims to simplify the process of obtaining code assistance from multiple sources, making it easier for developers to find solutions quickly.