🤖 AI Analysis

Final verdict: SUSPICIOUS

The package is assessed as suspicious due to moderate network and shell execution risks, which could indicate potential misconfigurations or unintended behaviors. Additionally, the metadata suggests low maintenance efforts, raising concerns about its legitimacy.

Moderate network risk
High shell execution risk
Low metadata quality

Per-check LLM notes

Network: Network calls to localhost endpoints may be intended for local development but could also indicate unexpected behavior or misconfiguration.
Shell: Subprocess calls to execute scripts and external commands like 'ollama pull' might be part of the package's functionality but could pose risks if not properly controlled or audited.
Obfuscation: No obfuscation patterns detected, indicating low risk of malicious obfuscation.
Credentials: No credential harvesting patterns detected, indicating low risk of malicious credential theft.
Metadata: The package shows some signs of low effort and could potentially be suspicious due to the lack of maintainer history and author details.

🔬 Heuristic Checks

⚠ Outbound Network Calls score 9.0

Found 6 network call pattern(s)

Check try: res = requests.get("http://localhost:3002/api/test", timeout=2) log("✅
Check try: res = requests.get("http://localhost:11434/api/tags", timeout=2) models
an]") try: resp = requests.post(endpoint, headers=_build_headers(), json=payload, timeout=60
bmit crawl job resp = requests.post(endpoint, headers=_build_headers(), json=payload, timeout=60
(5) status_resp = requests.get(status_url, headers=_build_headers(), timeout=30)
, "") try: resp = requests.post(url, json=payload, timeout=300) resp.raise_for_statu

✓ Code Obfuscation

No obfuscation patterns detected

⚠ Shell / Subprocess Execution score 10.0

Found 5 shell execution pattern(s)

}" try: result = subprocess.run( [ sys.executable, str(worker_sc
-\n\n{content}" result = subprocess.run( [sys.executable, str(memory_script), "add", "--key"
ama...", "") try: subprocess.run(["ollama", "pull", model], check=True) log(f"✅ Model
arent / "agent_memory.py" subprocess.run( [sys.executable, str(memory_script), "add", "--key"
— Git Status") result = subprocess.run( ["git", "status", "--short", str(MEMORY_DIR.relativ

✓ Credential Harvesting

No credential harvesting patterns detected

✓ Typosquatting

No typosquatting candidates detected

✓ Registered Email Domain

Email domain looks legitimate: example.com>

✓ Suspicious Page Links

All external links appear legitimate

✓ Git Repository History

No GitHub repository linked

No GitHub repository link found

⚠ Maintainer History score 8.0

4 maintainer concern(s) found

Only one version has ever been released — brand new package
Author name is missing or very short
Author "" appears to have only 1 package on PyPI (new or inactive account)
Package has no PyPI classifiers (low effort / metadata quality)

✓ Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with agentic-dev-workspace

Develop a comprehensive local development environment orchestrator using the 'agentic-dev-workspace' Python package. Your task is to create a tool that streamlines the setup and management of various development environments for different projects. This tool will allow developers to easily switch between different configurations, manage dependencies, and launch necessary services like databases, web servers, etc., all within a single command-line interface. Here’s a breakdown of the steps and features you need to implement:

1. **Environment Setup**: The application should be able to initialize a new development environment based on predefined templates. These templates could include configurations for Python, Node.js, Java, or any other language.
2. **Dependency Management**: Implement a feature that allows users to specify and install project-specific dependencies from a configuration file.
3. **Service Launching**: Integrate support for launching auxiliary services required for development, such as local web servers, databases (e.g., MySQL, PostgreSQL), and messaging queues (e.g., RabbitMQ).
4. **Configuration Switching**: Provide functionality to switch between different configurations or environments (e.g., development, testing, production) seamlessly.
5. **Resource Cleanup**: Ensure there is a clean-up mechanism to properly terminate running processes and remove temporary files when the environment is no longer needed.
6. **User Interface**: Design a simple and intuitive command-line interface (CLI) for managing these operations.

Utilize the 'agentic-dev-workspace' package to handle the orchestration of resources and environments. This includes leveraging its capabilities for initializing workspaces, configuring resource dependencies, and managing lifecycle operations such as start, stop, and cleanup. The goal is to reduce the overhead of setting up and managing development environments, allowing developers to focus more on coding and less on environment maintenance.