agentic-fabriq-sdk

v0.1.85 suspicious
4.0
Medium Risk

Agentic Fabriq SDK: high-level client, CLI tool, DX helpers, and auth for AI agents

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package shows some signs of potential risk, particularly due to shell execution and the inability to locate its repository. However, there is no clear evidence of malicious intent.

  • Shell risk (5/10) due to possible execution of shell commands
  • Repository not found, raising concerns about the package's origin and maintenance

Per-check LLM notes
  • Network: The network calls appear to be API interactions which could be legitimate if the SDK is designed to interact with a service.
  • Shell: Executing shell commands can be risky as it may indicate the package is performing actions that could be exploited, such as dependency management or running server-side scripts.
  • Obfuscation: No obfuscation patterns detected in the provided snippet.
  • Credentials: The use of 'keyring.get_password' suggests secure storage retrieval, but without context, it could potentially be used for credential harvesting.
  • Metadata: The repository not being found and the maintainer having only one package suggest potential risks, but no clear malicious intent is evident.

🔬 Heuristic Checks

⚠ Outbound Network Calls score 9.0

Found 6 network call pattern(s)

  • l yourself response = requests.get( token_info["api_call"]["full_url"],
  • ts ... response = requests.get( ... token_info.full_url, ...
  • lf >>> response = requests.get( ... token_info.full_url, ...
  • try: response = httpx.get( f"{config.gateway_url}/api/v1/applications"
  • r try: response = httpx.delete( f"{config.gateway_url}/api/v1/applications/{app
  • try: response = httpx.post( f"{gateway_url}/api/v1/auth/resolve-org",

✓ Code Obfuscation

No obfuscation patterns detected

⚠ Shell / Subprocess Execution score 8.0

Found 4 shell execution pattern(s)

  • her Unix result = subprocess.run( ["ps", "-p", str(ppid), "-o", "comm="],
  • else: result = subprocess.run( ["ps", "-p", str(ppid), "-o", "args="],
  • ver dependencies...") subprocess.run(["npm", "install"], cwd=str(vm_dir), check=True) # Pass
  • ...") try: proc = subprocess.run( ["node", str(server_js)], env=env,

⚠ Shell / Subprocess Execution findings end above.

Found 1 credential access pattern(s)

  • token_json = keyring.get_password( self.SERVICE_NAME,

✓ Typosquatting

No typosquatting candidates detected

✓ Registered Email Domain

Email domain looks legitimate: agentic-fabriq.org

✓ Suspicious Page Links

All external links appear legitimate

⚠ Git Repository History score 3.0

Repository not found (deleted or private)

⚠ Maintainer History score 2.0

1 maintainer concern(s) found

  • Author "Agentic Fabriq Contributors" appears to have only 1 package on PyPI (new or inactive account)

✓ Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with agentic-fabriq-sdk
Create a mini-application named 'AI Agent Manager' that allows users to manage and interact with multiple AI agents through a simple command-line interface (CLI). This application will utilize the 'agentic-fabriq-sdk' package to handle authentication, deployment, and interaction with AI agents. Here's a step-by-step guide on what the application should do and how it should be structured:

1. **Authentication**: Implement user authentication using the SDK's authentication capabilities. Users should be able to log in using their credentials and receive an access token for subsequent requests.
2. **Agent Management**: Allow users to create, delete, and list AI agents they have access to. Each agent should have a unique identifier, name, and description.
3. **Deployment**: Provide functionality to deploy new AI agents. Users should be able to specify the type of agent (e.g., language model, image generator) and any necessary configurations.
4. **Interaction**: Enable users to send prompts to AI agents and receive responses. Ensure that the CLI provides a clean and intuitive way for users to communicate with their agents.
5. **Configuration**: Include options for users to configure settings related to each agent, such as API rate limits, logging preferences, etc.
6. **Help and Documentation**: Offer comprehensive help documentation within the CLI, including examples of how to use different commands and manage agents effectively.

**Features to Consider**:
- Support for multiple environments (development, staging, production).
- Ability to switch between different accounts or organizations.
- Detailed logging of interactions and operations performed via the CLI.
- Integration with cloud storage services for backing up agent configurations.
- Command history and autocomplete for ease of use.

By leveraging the 'agentic-fabriq-sdk', you'll be able to streamline the process of managing AI agents, making it easier for developers and users alike to work with these powerful tools.