agentic-data-scientist

v0.2.3 suspicious
8.0
High Risk

Agentic Data Scientist - General-purpose multi-agent framework with ADK and Claude Code

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package exhibits multiple risky behaviors including high credential risk and significant shell execution risks, indicating potential malicious intent. The incomplete metadata adds to the suspicion.

  • High credential risk from reading '/etc/passwd'
  • Significant shell execution risks
Per-check LLM notes
  • Network: The network call pattern suggests the package might be fetching external resources, which could be legitimate but needs verification of purpose and origin.
  • Shell: The shell execution pattern indicates the package performs git cloning, which may be intended for internal operations but poses higher risk due to potential unauthorized code execution.
  • Obfuscation: The use of base64 encoding to decode PNG image data could be legitimate but raises suspicion without clear context.
  • Credentials: Reading the '/etc/passwd' file is highly suspicious and indicates potential credential harvesting activity.
  • Metadata: The author's information is incomplete and the account seems new or inactive, raising some suspicion but not conclusive evidence of malice.

🔬 Heuristic Checks

Outbound Network Calls score 1.5

Found 1 network call pattern(s)

  • he request response = requests.get( url, headers=headers, t
Code Obfuscation score 2.0

Found 1 obfuscation pattern(s)

  • 64 encoding decoded = base64.b64decode(data["data"]) assert decoded.startswith(b"\x89PNG")
Shell / Subprocess Execution score 2.0

Found 1 shell execution pattern(s)

  • s to {tmp_repo}") subprocess.run( ["git", "clone", "--depth", "1", repo_url,
Credential Harvesting score 2.5

Found 1 credential access pattern(s)

  • " result = read_file("/etc/passwd", str(temp_workspace)) assert "Error" in result
Typosquatting

No typosquatting candidates detected

Registered Email Domain

Email domain looks legitimate: k-dense.ai>

Suspicious Page Links

All external links appear legitimate

Git Repository History

Repository K-Dense-AI/agentic-data-scientist appears legitimate

Maintainer History score 4.0

2 maintainer concern(s) found

  • Author name is missing or very short
  • Author "" appears to have only 1 package on PyPI (new or inactive account)
Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with agentic-data-scientist 
Create a mini-application called 'DataQuest' that leverages the 'agentic-data-scientist' package to automate data science workflows. This application will allow users to upload datasets, define their data science tasks (such as exploratory data analysis, feature engineering, model training, etc.), and receive automated reports detailing the results of these tasks. The application should include the following key features:

1. **User Interface**: Develop a simple web-based UI using Flask where users can upload CSV files and specify their data science objectives.
2. **Task Definition**: Users should be able to choose from predefined tasks such as 'EDA', 'Feature Engineering', 'Model Training', etc., or write custom tasks.
3. **Automation with Agents**: Utilize the 'agentic-data-scientist' package to automate the execution of these tasks through its multi-agent framework. Each task should be handled by a dedicated agent, which could either use built-in methods or call upon external services like Claude Code for more complex tasks.
4. **Report Generation**: After completing each task, generate a detailed report that includes visualizations, statistical summaries, and any relevant insights derived from the analysis.
5. **Feedback Loop**: Implement a feedback mechanism where users can provide ratings and comments on the quality of the automated reports, which can then be used to improve future runs.
6. **Security Measures**: Ensure that all uploaded datasets are securely stored and processed, adhering to best practices in data privacy and security.

The 'agentic-data-scientist' package will be crucial in orchestrating the workflow between different agents responsible for various stages of the data science process. It will also facilitate the integration of advanced AI capabilities provided by Claude Code when necessary.