agentic-devtools

v0.2.171 suspicious
5.0
Medium Risk

Agentic devtools integrate Jira, DevOps & more

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package shows moderate risk due to network and shell execution vulnerabilities, although it does not exhibit signs of credential theft or obfuscation. The maintainer's low activity level adds to the suspicion.

  • Moderate network risk due to unverified SSL connections
  • High shell risk from subprocess calls
  • Low activity maintainer

Per-check LLM notes

  • Network: The use of unverified SSL connections could potentially allow man-in-the-middle attacks, but may also be justified for development purposes.
  • Shell: Subprocess calls to execute scripts dynamically can introduce security risks if not properly sanitized or validated, especially considering the context of 'agentic-devtools' which might involve running arbitrary code.
  • Obfuscation: No obfuscation patterns detected, indicating low risk.
  • Credentials: No credential harvesting patterns detected, indicating low risk.
  • Metadata: The maintainer has a new or low activity account and lacks detailed package metadata, which may indicate low effort or potential risk.

🔬 Heuristic Checks

Outbound Network Calls score 9.0

Found 6 network call pattern(s)

  • E # noqa: S501 with socket.create_connection((hostname, port), timeout=10) as sock: with cont
  • le=sys.stderr) return requests.get(url, timeout=timeout, stream=stream, verify=False) # noqa:
  • le=sys.stderr) return requests.get(url, timeout=timeout, stream=stream, verify=verify) exce
  • tderr) return requests.get(url, timeout=timeout, stream=stream, verify=verify_retry)
  • quest_id}...") response = requests.post(comment_url, headers=headers, json=comment_body, timeout=30)
  • quest_id}...") response = requests.post(thread_url, headers=headers, json=thread_body, timeout=30)

Code Obfuscation

No obfuscation patterns detected

Shell / Subprocess Execution score 10.0

Found 6 shell execution pattern(s)

  • sys.exit(1) result = subprocess.run( [sys.executable, str(complete)] + foreground_args,
  • ic.exists(): result = subprocess.run( [sys.executable, str(repo_specific)] + foregrou
  • sys.exit(1) result = subprocess.run( [sys.executable, str(required)] + foreground_args,
  • sys.exit(1) result = subprocess.run( [sys.executable, str(configured)] + foreground_args
  • ls from PyPI.""" result = subprocess.run( [sys.executable, "-m", "pip", "install", "--upgrade
  • git repo.""" try: subprocess.run( ["git", "rev-parse", "--git-dir"],

Credential Harvesting

No credential harvesting patterns detected

Typosquatting

No typosquatting candidates detected

Registered Email Domain

No author email provided

Suspicious Page Links

All external links appear legitimate

Git Repository History

No GitHub repository linked

  • No GitHub repository link found

Maintainer History score 4.0

2 maintainer concern(s) found

  • Author "ayaiayorg" appears to have only 1 package on PyPI (new or inactive account)
  • Package has no PyPI classifiers (low effort / metadata quality)

Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with agentic-devtools
Create a fully-functional mini-application named 'DevOpsDashboard' using the Python package 'agentic-devtools'. This application will serve as a one-stop dashboard for developers and project managers to manage tasks, track progress, and integrate with various DevOps tools such as Jira, GitLab, and Jenkins. The app should have the following features:

1. **User Authentication**: Implement a simple user authentication system where users can sign up, log in, and log out.
2. **Task Management**: Allow users to create, update, and delete tasks. Each task should include details like title, description, priority, status, and due date.
3. **Integration with Jira**: Integrate with Jira to fetch, update, and manage tasks directly from within the application. Users should be able to link tasks in your application to Jira issues.
4. **GitLab Integration**: Fetch repository information, commit history, and merge requests from GitLab. Users should be able to view recent commits and merge requests associated with their projects.
5. **Jenkins Integration**: Display build statuses and trigger builds from the application. Users should be able to see the latest build results and initiate new builds if necessary.
6. **Progress Tracking**: Provide visual representations of task completion through charts and graphs. Users should be able to track progress over time and identify bottlenecks.
7. **Notifications**: Set up real-time notifications for critical updates such as task changes, build failures, and new merge requests.
8. **Customization**: Allow users to customize their dashboard layout, adding widgets for different types of information (e.g., task lists, build statuses, etc.).

To utilize the 'agentic-devtools' package, you will need to install it via pip and use its functions to handle integrations with Jira, GitLab, and Jenkins. For instance, to fetch data from Jira, you would use agentic-devtools' Jira integration methods. Similarly, for GitLab and Jenkins, you will use their respective modules provided by the package. Make sure to document each step of the integration process and any configurations required for connecting to these external services. The final product should be a comprehensive, user-friendly tool that streamlines the development workflow and enhances collaboration among team members.