agentcam

v0.1.0 suspicious
4.0
Medium Risk

Local-first CLI wrapper that records what your AI coding agent changed in your repo.

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package exhibits low individual risks but has notable metadata issues such as no maintainer history and no associated GitHub repository, raising suspicion about its legitimacy.

  • Shell execution detected
  • Lack of maintainer history
  • No associated GitHub repository

Per-check LLM notes
  • Network: No network calls detected, which is normal.
  • Shell: The detected shell execution may be for version control operations, but further review is needed to ensure it is not used maliciously.
  • Obfuscation: No obfuscation patterns detected, indicating low risk.
  • Credentials: No credential harvesting patterns detected, indicating low risk.
  • Metadata: The package shows some red flags, including lack of maintainer history and no associated GitHub repository, but there's no clear evidence of typosquatting or malicious intent.

🔬 Heuristic Checks

✓ Outbound Network Calls

No suspicious network call patterns found

✓ Code Obfuscation

No obfuscation patterns detected

⚠ Shell / Subprocess Execution score 10.0

Found 6 shell execution pattern(s)

  • tedProcess[bytes]: return subprocess.run( ["git", *args], cwd=cwd, capture_ou
  • st(resolved.argv) proc = subprocess.Popen( cmd_arg, cwd=str(cwd), stdout=subpr
  • tag.gpgsign=false", ] subprocess.run( ["git", *env_args, *args], cwd=cwd,
  • nner end-to-end). """ subprocess.run( ["git", "init", "-q", "-b", "main", str(tmp_path)],
  • est (the venv).""" return subprocess.run( [sys.executable, "-m", "agentcam.cli", *args],
  • ath, *args: str) -> None: subprocess.run( ["git", *GIT_AUTHOR, *args], cwd=cwd, check

✓ Credential Harvesting

No credential harvesting patterns detected

✓ Typosquatting

No typosquatting candidates detected

✓ Registered Email Domain

Email domain looks legitimate: gmail.com

✓ Suspicious Page Links

All external links appear legitimate

✓ Git Repository History

No GitHub repository linked

  • No GitHub repository link found

⚠ Maintainer History score 6.0

3 maintainer concern(s) found

  • Only one version has ever been released — brand new package
  • Author name is missing or very short
  • Author "" appears to have only 1 package on PyPI (new or inactive account)

✓ Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with agentcam
Create a Python-based Git repository monitoring tool named 'GitGuardian' using the 'agentcam' package. This tool should serve as a local-first CLI wrapper that records all changes made by your AI coding assistant within a Git repository. Here's a step-by-step guide on how to develop 'GitGuardian':

1. **Setup Project Environment**: Initialize a new Python environment and install the necessary packages including 'agentcam', 'gitpython', and 'click'. Click will be used to create the command-line interface.
2. **Define Core Functionality**: Implement functions that use 'agentcam' to monitor changes made by the AI coding assistant. These functions should be able to log these changes locally without requiring internet access.
3. **Integrate GitPython**: Use GitPython to interact with Git repositories. Your tool should be able to detect when files are added, modified, or deleted, and it should record these actions along with timestamps.
4. **CLI Interface**: Develop a simple but effective CLI using Click. Commands should include initializing 'GitGuardian' in a repository, starting monitoring, and viewing recorded changes.
5. **AI Assistant Integration**: Ensure that 'GitGuardian' can recognize changes made by your specific AI coding assistant. This could involve checking commit messages, author information, or other metadata.
6. **Reporting Mechanism**: Implement a feature where users can generate reports on monitored changes. Reports should be easily readable and include details such as file names, changes made, timestamps, and whether the changes were additions, deletions, or modifications.
7. **Security Considerations**: Since 'GitGuardian' deals with repository data, ensure that sensitive information is not logged or stored improperly. All logs should be encrypted at rest and securely handled during transmission.
8. **Testing and Documentation**: Write comprehensive tests to ensure the reliability of 'GitGuardian'. Also, create detailed documentation explaining how to set up and use the tool effectively.

Suggested Features:
- Real-time notifications about changes detected by 'GitGuardian'
- Ability to filter reported changes based on types of modifications
- Support for multiple repositories and tracking changes across them
- Integration with common CI/CD pipelines to automatically trigger 'GitGuardian' on code updates
- Customizable logging levels and formats for detailed insights into repository activity

By following these steps and incorporating these features, you'll create a powerful and user-friendly tool that leverages the capabilities of 'agentcam' to enhance collaboration between developers and their AI coding assistants.