agentforge-harness

v0.1.3 safe
3.0
Low Risk

An open-source agentic coding harness for building and studying AI coding agents

🤖 AI Analysis

Final verdict: SAFE

The package shows minimal risk indicators and no clear signs of malicious intent. While there are some potential misuse scenarios, they do not strongly suggest a supply-chain attack.

  • Network risk due to API key usage
  • Shell risk from Git-related command execution

Per-check LLM notes
  • Network: The network calls may be used for legitimate API interactions, but the presence of an API key suggests potential unauthorized access risks if misused.
  • Shell: The shell execution patterns likely serve Git-related functionality, but could pose a risk if commands are manipulated to execute arbitrary code.
  • Obfuscation: The detected pattern seems to be related to environment variable manipulation for command completion rather than malicious obfuscation.
  • Credentials: No credentials or secrets harvesting patterns were detected.
  • Metadata: The author has only one package on PyPI, which may indicate a new or less active account.

🔬 Heuristic Checks

⚠ Outbound Network Calls score 3.0

Found 2 network call pattern(s)

  • fig.api_key}" async with httpx.AsyncClient(timeout=5.0) as client: response = await client.get(
  • try: async with httpx.AsyncClient( timeout=httpx.Timeout(params.timeout),

⚠ Code Obfuscation score 2.0

Found 1 obfuscation pattern(s)

  • sh/config.fish:\n" "# eval (env _AGENTFORGE_COMPLETE=fish_source agentforge)" ), }

⚠ Shell / Subprocess Execution score 8.0

Found 4 shell execution pattern(s)

  • return False result = subprocess.run( ["git", "ls-files", "--error-unmatch", "--", relati
  • return False result = subprocess.run( ["git", "check-ignore", "--quiet", "--", relative],
  • dProcess[str]: return subprocess.run( ["git", "-C", str(cwd), *args], tex
  • append("--check") return subprocess.run( command, input=patch, text=True,

✓ Credential Harvesting

No credential harvesting patterns detected

✓ Typosquatting

No typosquatting candidates detected

✓ Registered Email Domain

No author email provided

✓ Suspicious Page Links

All external links appear legitimate

✓ Git Repository History

Repository MohitGoyal09/Agentforge appears legitimate

⚠ Maintainer History score 2.0

1 maintainer concern(s) found

  • Author "Mohit Goyal" appears to have only 1 package on PyPI (new or inactive account)

✓ Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with agentforge-harness
Create a fully-functional mini-application named 'CodeCraft' using the 'agentforge-harness' package. This application will serve as an interactive coding environment where users can define tasks for AI coding agents to perform. Here's a detailed breakdown of the project requirements:

1. **User Interface**: Design a simple yet intuitive user interface where users can input their coding tasks. This could be a command-line interface (CLI) or a basic web interface depending on your preference.

2. **Task Definition**: Users should be able to define tasks for the AI coding agents in natural language. For example, a user might ask the agent to 'write a function to sort an array using quicksort'.

3. **Agent Interaction**: Utilize the 'agentforge-harness' package to interact with AI coding agents. The core functionality of 'agentforge-harness' involves setting up and managing interactions between users and agents. Use this package to handle the communication protocol between the user and the AI agent.

4. **Code Generation**: Based on the task defined by the user, the AI agent should generate code snippets. Ensure that the generated code is syntactically correct and adheres to the specifications provided by the user.

5. **Feedback Mechanism**: Implement a feedback mechanism where users can rate the quality of the generated code. This feedback should be stored and potentially used to improve future responses from the AI agents.

6. **Documentation**: Provide comprehensive documentation on how to install and use the 'CodeCraft' application. Include examples of tasks that can be performed and how to interpret the output from the AI coding agents.

7. **Security Considerations**: Since users will be interacting with AI agents to generate code, ensure that all inputs are sanitized to prevent any security vulnerabilities.

8. **Testing**: Write unit tests to verify the correctness of the generated code snippets and the functionality of the feedback mechanism.

The goal of 'CodeCraft' is to demonstrate the capabilities of AI coding agents in generating code based on natural language inputs while providing a practical tool for developers and researchers interested in AI-assisted coding.