AI Analysis
Final verdict: SUSPICIOUS
The package exhibits a moderate level of risk due to potential shell manipulation and obfuscated code, indicating possible attempts to conceal its true functionality. However, there's no direct evidence of malicious intent.
- High shell risk due to pip command execution within the package
- Significant obfuscation suggesting attempts to hide code logic
Per-check LLM notes
- Network: The network requests to pypi.org seem intended for checking the latest version, which is common and generally benign.
- Shell: Executing pip commands within the package suggests potential for updating or altering the system state, which could be risky if not controlled properly.
- Obfuscation: The code shows signs of obfuscation through unusual string formatting and import patterns, which may indicate an attempt to hide code logic.
- Credentials: No clear evidence of credential harvesting is present in the provided snippets.
- Metadata: The repository is not found and the maintainer has only one package, which could indicate potential risk.
Heuristic Checks
Outbound Network Calls
score 9.0
Found 6 network call pattern(s)
= None try: req = urllib.request.Request( "https://pypi.org/pypi/agentic-comms/jsade"}, ) with urllib.request.urlopen(req, timeout=5) as resp: latest = json.lreturn None req = urllib.request.Request( "https://pypi.org/pypi/agentic-comms/jsade"}, ) with urllib.request.urlopen(req, timeout=5) as resp: data = json.loaget_token() self._h = httpx.Client( base_url=self.url, headers={50): try: httpx.get(f"http://127.0.0.1:{port}/api/health", headers={"Authorizati
Code Obfuscation
score 6.0
Found 3 obfuscation pattern(s)
else ''}.", file=__import__("sys").stderr, ) raise typer.Exit(1) me = _curs}{hint}", file=__import__("sys").stderr) raise typer.Exit(1) me = _current_ident56"), "activated_at": __import__("time").time(), }, indent=2)) print(f"activated {name} → {s
Shell / Subprocess Execution
score 10.0
Found 6 shell execution pattern(s)
if needs_upgrade: r = subprocess.run( [sys.executable, "-m", "pip", "install", "--upgurncode != 0: r = subprocess.run( [sys.executable, "-m", "pip", "install", "-.read()\n" f"sys.exit(subprocess.run(['claude', '--dangerously-skip-permissions', '-p', prompt],"_text().strip() out = subprocess.run(["ps", "-o", "comm=", "-p", str(pid)], capture_output=True,ine.split()[1]) out = subprocess.run(["ps", "-o", "ppid=", "-p", str(pid)], capture_output=True,olve() try: out = subprocess.run( ["git", "-C", str(start), "rev-parse", "--show-
Credential Harvesting
No credential harvesting patterns detected
Typosquatting
No typosquatting candidates detected
Registered Email Domain
No author email provided
Suspicious Page Links
All external links appear legitimate
Git Repository History
score 3.0
Repository not found (deleted or private)
Maintainer History
score 2.0
1 maintainer concern(s) found
Author "jazcogames" appears to have only 1 package on PyPI (new or inactive account)
Known CVE Vulnerabilities
No known vulnerabilities found in OSV database.
AI App Starter Prompt
Use this prompt to build a project with agentic-comms
Create a mini-application called 'AgentSync' using the Python package 'agentic-comms'. This application will serve as a coordination hub for multiple AI agents working on different tasks within the same project. AgentSync should allow users to create, read, update, and delete messages between agents, ensuring seamless communication and task management.

### Features:
- **Message Board Creation**: Users can create new message boards for specific projects or tasks.
- **Message Posting**: Agents can post updates, requests, or status reports to the message boards.
- **Message Retrieval**: Agents can retrieve messages from the boards to stay updated on project progress.
- **Message Deletion**: Users can delete outdated or irrelevant messages to keep the boards clean.
- **User Authentication**: Implement basic authentication to ensure only authorized users can access and modify message boards.
- **Real-time Notifications**: Integrate real-time notifications so agents are immediately informed of new messages.

### Steps:
1. **Setup Environment**: Install necessary packages including 'agentic-comms'.
2. **Design Database Schema**: Define the structure for storing message boards and messages.
3. **Implement User Authentication**: Use a simple token-based system for user login and verification.
4. **Develop Message Board Functionality**: Utilize 'agentic-comms' to handle the creation, reading, updating, and deletion of messages.
5. **Add Real-time Notification Feature**: Integrate a real-time messaging service like WebSockets to push notifications.
6. **Testing and Deployment**: Thoroughly test the application for functionality and security, then deploy it on a server accessible via a web interface.

### How 'agentic-comms' is Utilized:
- For each operation (create, read, update, delete), use 'agentic-comms' functions to interact with the message boards. It will manage the communication layer, allowing for cross-platform and machine interoperability without worrying about underlying network protocols.