agentfish

v0.4.4 suspicious
7.0
High Risk

CLI tool to install complete AI agent configuration bundles from any git repository

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package exhibits unusual behavior with a high credential risk score due to an attempt to install a sensitive system file, indicating potential malicious intent. Combined with a moderately concerning metadata risk, this package should be treated with caution.

  • High credential risk due to installation of '../etc/passwd'
  • Moderate metadata risk due to rapid commit history and low repository activity
Per-check LLM notes
  • Network: No network calls detected.
  • Shell: Shell execution is used to retrieve git commit hash, likely for version control purposes.
  • Obfuscation: No obfuscation patterns detected in the provided code snippet.
  • Credentials: The code snippet appears to be attempting to install a file '../etc/passwd', which is a sensitive system file and may indicate an attempt to harvest credentials or system information.
  • Metadata: The rapid commit history and low repository activity suggest potential risk.

🔬 Heuristic Checks

✓ Outbound Network Calls

No suspicious network call patterns found

✓ Code Obfuscation

No obfuscation patterns detected

⚠ Shell / Subprocess Execution score 4.0

Found 2 shell execution pattern(s)

  • tr(target_dir)] result = subprocess.run( cmd, capture_output=True, text=True
  • """ try: result = subprocess.run( ["git", "rev-parse", "HEAD"], cwd=r
⚠ Credential Harvesting score 2.5

Found 1 credential access pattern(s)

  • nstall_files( ["../etc/passwd"], src, dst, interactive=False ) assert ins
✓ Typosquatting

No typosquatting candidates detected

✓ Registered Email Domain

No author email provided

✓ Suspicious Page Links

All external links appear legitimate

⚠ Git Repository History score 5.0

Git history flags: Repository has zero stars and zero forks

  • Repository has zero stars and zero forks
  • All 12 commits happened within 24 hours
⚠ Maintainer History score 2.0

1 maintainer concern(s) found

  • Author "pimentelleo" appears to have only 1 package on PyPI (new or inactive account)
✓ Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with agentfish
Create a mini-application called 'AgentHub' using Python and the 'agentfish' package. AgentHub will serve as a user-friendly interface for managing and deploying AI agents from various repositories. Here's a detailed plan on how to develop it:

1. **Setup**: Begin by installing the necessary packages, including 'agentfish'. Ensure your environment supports Python 3.8 or higher.
2. **Core Functionality**:
   - Implement a command-line interface (CLI) that allows users to search for available AI agent configurations hosted on public repositories.
   - Users should be able to select and download/install these configurations using the 'agentfish' package.
3. **Features**:
   - **Search Functionality**: Integrate a feature where users can search for specific AI agents based on keywords or tags.
   - **Configuration Management**: Provide options to manage installed AI agent configurations, such as updating, removing, or viewing details.
   - **Interactive Help**: Include a comprehensive help section within the CLI that explains commands and provides examples.
4. **Enhancements**:
   - Add support for local repositories or custom URLs.
   - Incorporate a feature to automatically check for updates of installed agents.
5. **Testing**: Ensure all functionalities are thoroughly tested to guarantee smooth operation.
6. **Documentation**: Prepare detailed documentation explaining how to use AgentHub, including setup instructions and usage examples.

By following these steps, you'll create a versatile and user-friendly tool that leverages the power of 'agentfish' to streamline the process of working with AI agents.