agentcloak

v0.3.0 suspicious
5.0
Medium Risk

Stealth browser toolkit for AI agents — anti-bot bypass out of the box, CLI and MCP interface

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package exhibits moderate risks due to its use of obfuscation techniques and execution of shell commands, though no direct evidence of malicious intent was found.

  • High obfuscation risk
  • Potential misuse of shell commands
Per-check LLM notes
  • Network: Network calls are standard for packages that interact with external services or APIs.
  • Shell: Execution of shell commands can be risky if not properly sanitized or intended for legitimate use such as building distributions.
  • Obfuscation: The presence of multiple base64 decoding patterns without clear context suggests potential obfuscation or hiding of code/data.
  • Credentials: No direct evidence of credential harvesting is found, but further investigation into the usage context of these patterns is recommended.
  • Metadata: The maintainer's author name is missing or very short, and the author has only one package on PyPI, which may indicate a less experienced or potentially suspicious actor.

🔬 Heuristic Checks

Outbound Network Calls score 6.0

Found 4 network call pattern(s)

  • try: async with httpx.AsyncClient(**client_kwargs) as client: async with clien
  • try: async with httpx.AsyncClient(**client_kwargs) as client: resp = await cli
  • try: async with httpx.AsyncClient( cookies=jar, timeout=httpx.Timeout(60.0), f
  • try: with httpx.Client( base_url=base_url, timeout=_BG_READY_PROBE_
Code Obfuscation score 10.0

Found 6 obfuscation pattern(s)

  • try: return base64.b64decode(data) except Exception as exc: raise Bac
  • ("base64", "") return base64.b64decode(b64) # ------------------------------------------------
  • raw_body = base64.b64decode(raw_body).decode( "utf-8", error
  • try: return base64.b64decode(encoded).decode("utf-8") except Exception as exc:
  • ext}" output.write_bytes(base64.b64decode(b64_str)) if is_json_mode(): emit_envelope(
  • .pdf" output.write_bytes(base64.b64decode(b64_str)) if is_json_mode(): emit_envelope(
Shell / Subprocess Execution score 8.0

Found 4 shell execution pattern(s)

  • unning: {' '.join(cmd)}") subprocess.run(cmd, check=True) print("\nDone! Output: dist/agentcloak-
  • cmd = cmd[2:] proc = subprocess.run(cmd, capture_output=True, text=True, cwd=str(ROOT)) retu
  • alse try: subprocess.run( [xdpyinfo, "-display", display],
  • LAY") self._process = subprocess.Popen( [xvfb_bin, display, "-screen", "0", screen, "-n
Credential Harvesting

No credential harvesting patterns detected

Typosquatting

No typosquatting candidates detected

Registered Email Domain

Email domain looks legitimate: gmail.com>

Suspicious Page Links

All external links appear legitimate

Git Repository History

Repository shayuc137/agentcloak appears legitimate

Maintainer History score 4.0

2 maintainer concern(s) found

  • Author name is missing or very short
  • Author "" appears to have only 1 package on PyPI (new or inactive account)
Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with agentcloak 
Develop a web scraping tool named 'StealthScrape' using the Python package 'agentcloak'. This tool aims to automate the process of collecting data from websites that have implemented bot detection mechanisms. Your task is to create a command-line interface (CLI) application that allows users to specify target URLs and desired data elements (e.g., product names, prices, descriptions). The application should then use 'agentcloak' to bypass these bot-detection systems and scrape the specified data without being detected as a bot.

Steps to develop 'StealthScrape':
1. Install necessary packages including 'agentcloak', 'requests', and 'beautifulsoup4'.
2. Design the CLI interface to accept user inputs such as target URL(s) and data elements to scrape.
3. Implement functionality within 'StealthScrape' to utilize 'agentcloak' to set up stealthy browsing sessions that mimic human behavior to avoid bot detection.
4. Use 'requests' and 'beautifulsoup4' to fetch and parse the HTML content from the target URLs.
5. Extract the specified data elements from the HTML and output them in a structured format like CSV or JSON.
6. Ensure error handling is included to manage cases where the website structure changes or the scraping fails due to bot detection.
7. Optionally, implement a feature to schedule regular scraping tasks using 'cron' jobs or similar scheduling tools.
8. Document the usage of 'StealthScrape' with clear instructions on how to install it, configure it, and run it against different websites.

Features:
- Stealth browsing session setup using 'agentcloak'
- Command-line interface for specifying scraping parameters
- Automated data extraction and output formatting
- Error handling and logging
- Optional scheduled scraping tasks

How 'agentcloak' is utilized:
- To initiate stealthy browsing sessions that can navigate through websites undetected by bot-detection systems, thereby enabling the collection of data from sites that would otherwise block scraping attempts.