agentibridge

v0.6.0 suspicious
5.0
Medium Risk

Claude CLI transcript indexer and MCP server

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package exhibits moderate risk due to high shell execution risk and average network and metadata risks. It does not show signs of obfuscation or credential harvesting.

  • High shell execution risk due to direct use of 'docker' and 'systemctl'
  • Average network risk from external service calls
  • Moderate metadata risk with a single-package maintainer
Per-check LLM notes
  • Network: Network calls to external services are common for packages that require API interactions, but the specific endpoints and context should be reviewed for compliance and security.
  • Shell: Executing shell commands like 'docker' and 'systemctl' directly can pose significant risks if not properly controlled, suggesting potential for unauthorized system changes or access.
  • Obfuscation: No obfuscation patterns detected, indicating low risk.
  • Credentials: No credential harvesting patterns detected, indicating low risk.
  • Metadata: The maintainer has only one package, which could indicate a new or less active account, raising some suspicion but not conclusive evidence of malice.

🔬 Heuristic Checks

Outbound Network Calls score 6.0

Found 4 network call pattern(s)

  • try: async with httpx.AsyncClient(timeout=30) as client: # Phase 1: Submit
  • or _embed_model() resp = httpx.post( f"{base.rstrip('/')}/embeddings", headers=_
  • el= explicitly)") resp = httpx.post( f"{base.rstrip('/')}/chat/completions", hea
  • try: async with httpx.AsyncClient(timeout=timeout_s) as client: resp = await clien
Code Obfuscation

No obfuscation patterns detected

Shell / Subprocess Execution score 10.0

Found 6 shell execution pattern(s)

  • """ try: result = subprocess.run( [ "docker", "in
  • """ try: result = subprocess.run( ["systemctl", "is-active", service],
  • ]") try: result = subprocess.run( ["systemctl", "--user", "is-active", "agentibri
  • ker try: result = subprocess.run( ["docker", "inspect", "-f", "{{.State.Status}}"
  • ner try: result = subprocess.run( ["docker", "inspect", "-f", "{{.State.Status}}"
  • log_result = subprocess.run( ["docker", "logs", "--tail", "50", "age
Credential Harvesting

No credential harvesting patterns detected

Typosquatting

No typosquatting candidates detected

Registered Email Domain

No author email provided

Suspicious Page Links

All external links appear legitimate

Git Repository History

Repository The-Cloud-Clockwork/agentibridge appears legitimate

Maintainer History score 2.0

1 maintainer concern(s) found

  • Author "The Cloud Clockwork" appears to have only 1 package on PyPI (new or inactive account)
Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with agentibridge 
Create a Python-based mini-application named 'TranscriptArchiver' that leverages the 'agentibridge' package to manage and index transcripts from various conversations with AI models like Claude. This application should provide users with a seamless way to save, search, and retrieve their conversation histories efficiently.

Key Features:
1. **CLI Interface**: Implement a command-line interface for interacting with the application.
2. **Transcript Indexing**: Utilize 'agentibridge' to automatically index each new conversation transcript into a searchable database.
3. **Search Functionality**: Allow users to search for specific keywords or phrases within their indexed transcripts.
4. **MCP Server Integration**: Integrate with the MCP server provided by 'agentibridge' to facilitate real-time indexing of ongoing conversations.
5. **Export Options**: Enable exporting of selected transcripts to different formats (e.g., JSON, CSV).
6. **User Authentication**: Implement basic user authentication to ensure privacy of user data.

Steps to Build the Application:
1. Set up your development environment with Python installed and 'agentibridge' package available.
2. Design the CLI interface using standard Python libraries such as argparse.
3. Develop the backend functionality to interact with 'agentibridge' for indexing and searching transcripts.
4. Implement the MCP server integration to ensure real-time data synchronization.
5. Create export functions that allow users to download their transcripts in desired formats.
6. Add user authentication mechanisms to secure user data.
7. Test the application thoroughly to ensure all functionalities work as expected.