agenthog

v0.3.0 suspicious
5.0
Medium Risk

Official Python SDK for AgentOS — observability, runtime, and security for AI agents.

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package shows signs of potential obfuscation and is from a single-package maintainer, raising concerns about its integrity and purpose.

  • High obfuscation risk due to base64 decoding
  • Single-package maintainer account

Per-check LLM notes

  • Network: The presence of network calls is expected for many packages but requires scrutiny to ensure they are not used for unauthorized data transfer.
  • Shell: No shell execution patterns were detected, which is reassuring.
  • Obfuscation: The code uses base64 decoding which is common in many applications but the partial and obfuscated nature of the code suggests potential for hiding malicious activities.
  • Credentials: No clear patterns indicating direct harvesting of credentials or secrets have been detected.
  • Metadata: The maintainer has only one package, which may indicate a new or less active account, raising some suspicion but not conclusive evidence of malice.

🔬 Heuristic Checks

Outbound Network Calls score 9.0

Found 6 network call pattern(s)

  • th)) self._http = httpx.AsyncClient( transport=transport, base_u
  • outbound. Register via ``httpx.Client(event_hooks={"request": [httpx_request_hook]})``. Pulls
  • self._http = http_client or httpx.AsyncClient(timeout=10.0) self._owns_http = http_client is None
  • ttp: self._http = httpx.AsyncClient(timeout=10.0) # ---- Public surface -------------------
  • endpoint.rstrip("/") with httpx.Client(timeout=30.0) as http: # 1) Fetch the head + public_
  • endpoint.rstrip("/") with httpx.Client(timeout=30.0) as http: resp = http.get(f"{base}/v1/a

Code Obfuscation score 8.0

Found 4 obfuscation pattern(s)

  • public_key_bytes = base64.b64decode(public_key_b64) pk = Ed25519PublicKey.from_publi
  • got_prev_hash = base64.b64decode(event["prev_hash"]) got_signature = base64.b
  • got_signature = base64.b64decode(event["event_signature"]) if got_prev_hash
  • declared_head_hash = base64.b64decode(head["head_hash"]) if expected_prev_hash != declared

Shell / Subprocess Execution

No shell execution patterns detected

Credential Harvesting

No credential harvesting patterns detected

Typosquatting

No typosquatting candidates detected

Registered Email Domain

No author email provided

Suspicious Page Links

All external links appear legitimate

Git Repository History

No GitHub repository linked

  • No GitHub repository link found

Maintainer History score 2.0

1 maintainer concern(s) found

  • Author "AgentOS" appears to have only 1 package on PyPI (new or inactive account)

Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with agenthog
Create a mini-application named 'AgentWatch' that leverages the 'agenthog' Python package to monitor and manage AI agents running on a local machine. The goal of 'AgentWatch' is to provide real-time observability into the performance, health, and security of these agents. Here's a detailed breakdown of what 'AgentWatch' should accomplish:

1. **Agent Discovery**: Upon startup, 'AgentWatch' should automatically discover all AI agents running on the local machine. This includes identifying which agents are active, their status (running, paused, stopped), and basic metadata such as the type of agent and its version.
2. **Performance Monitoring**: Implement a feature to track key performance indicators (KPIs) of each agent. These KPIs could include CPU usage, memory consumption, response time, and error rates. Display these metrics in a user-friendly dashboard.
3. **Health Checks**: Regularly perform health checks on each agent to ensure they are functioning correctly. If an agent fails a health check, 'AgentWatch' should alert the user through notifications and log the issue.
4. **Security Audits**: Use the 'agenthog' package to conduct periodic security audits on the agents. This includes checking for vulnerabilities, unauthorized access attempts, and ensuring data integrity.
5. **Control Panel**: Provide a control panel within 'AgentWatch' where users can pause, resume, or stop individual agents. Additionally, allow users to configure settings like frequency of health checks and security audits.
6. **Logging & Reporting**: Maintain logs of all actions performed by 'AgentWatch', including health checks, security audits, and any alerts triggered. Generate periodic reports summarizing the health and security status of all monitored agents.

To achieve these goals, 'AgentWatch' will extensively use the 'agenthog' package to interact with the agents, gather data, and enforce policies. The application should be designed to be extensible so that it can support additional functionalities in future updates.