agentic-bootstrap

v0.5.2 suspicious
6.0
Medium Risk

Bootstrap CLI that hoists the shared agentic-system surface into consumer repos.

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package exhibits moderate risk due to potential shell execution and low maintainer activity. While there is no direct evidence of malicious intent, these factors warrant further scrutiny.

  • Shell risk: Potential for executing arbitrary commands.
  • Metadata risk: Low maintainer activity and poor metadata quality.

Per-check LLM notes
  • Network: No network calls were detected, which is normal and not indicative of any risk.
  • Shell: The presence of shell execution suggests the package might execute commands on the user's system, which could be risky if not properly controlled or intended to perform unauthorized actions.
  • Obfuscation: No obfuscation patterns detected, indicating low risk of malicious obfuscation.
  • Credentials: No credential harvesting patterns detected, suggesting no immediate risk of secret theft.
  • Metadata: The package shows signs of low maintainer activity and poor metadata quality, raising some suspicion but not definitive evidence of malice.

🔬 Heuristic Checks

✓ Outbound Network Calls

No suspicious network call patterns found

✓ Code Obfuscation

No obfuscation patterns detected

⚠ Shell / Subprocess Execution score 10.0

Found 6 shell execution pattern(s)

  • cmd.extend(args) result = subprocess.run( cmd, check=True, capture_output=Tru
  • str(target), ] subprocess.run(cmd, check=True, cwd=str(clone), timeout=120) def _install
  • env.update(raw_env) subprocess.run( cmd, check=True, capture_output=Tru
  • alue try: proc = subprocess.run( cmd, check=False, captu
  • n [] try: proc = subprocess.run( [ sys.executable,
  • s the rerun. hooks_path = subprocess.check_output( ["git", "config", "--get", "core.hooksPath"], cwd=t

✓ Credential Harvesting

No credential harvesting patterns detected

✓ Typosquatting

No typosquatting candidates detected

✓ Registered Email Domain

No author email provided

✓ Suspicious Page Links

All external links appear legitimate

⚠ Git Repository History score 3.0

Repository not found (deleted or private)

  • Repository not found (deleted or private)

⚠ Maintainer History score 4.0

2 maintainer concern(s) found

  • Author "darce" appears to have only 1 package on PyPI (new or inactive account)
  • Package has no PyPI classifiers (low effort / metadata quality)

✓ Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with agentic-bootstrap
Create a command-line tool named 'AgenticDevTool' using Python and the 'agentic-bootstrap' package. This tool aims to simplify the setup process for developers working on projects that require integration with the Agentic ecosystem. The tool should automatically configure and install necessary dependencies, set up environment variables, and initialize project directories according to best practices. Here's a detailed breakdown of the requirements:

1. **Initialization Command**: When a user runs the command `agentic-devtool init`, it should create a new directory structure tailored for Agentic projects, including folders like 'src', 'tests', 'docs', and 'config'. It should also generate a basic 'README.md' file with instructions and a '.gitignore' file optimized for Python and Agentic development.

2. **Dependency Management**: Integrate 'pipenv' for dependency management. Upon running the initialization command, 'pipenv' should be installed if not already present, and a 'Pipfile' should be created with default dependencies listed, such as 'requests' and 'flask'. Additionally, the tool should allow users to specify additional dependencies during the setup process.

3. **Environment Configuration**: Automatically generate a '.env' file where developers can safely store sensitive information like API keys and database URLs. Provide placeholders for these values and ensure they are excluded from version control.

4. **Customization Options**: Allow users to customize their project name, description, author details, and other metadata through command-line arguments or prompts during the initialization process.

5. **Integration with Agentic Ecosystem**: Use the 'agentic-bootstrap' package to hoist the shared Agentic system components into the newly initialized project. This includes setting up necessary hooks, templates, and configurations that align with Agentic standards.

6. **Post-Setup Instructions**: After successful setup, display a summary of the next steps for the user, including how to start developing, running tests, and deploying the project. Include links to relevant documentation and community support resources.

7. **Interactive Mode**: Implement an interactive mode where users can answer questions about their project needs, and the tool will dynamically adjust its configuration based on the responses.

8. **Help and Documentation**: Ensure the tool has a comprehensive help system accessible via `agentic-devtool --help`. Document each feature thoroughly, explaining how they integrate with the 'agentic-bootstrap' package.

By completing this project, you'll build a robust, user-friendly tool that streamlines the development process for Agentic projects, leveraging the power of 'agentic-bootstrap' to maintain consistency and efficiency across different projects.