agentic-metric-x

v0.6.5 suspicious
4.0
Medium Risk

Local and SSH remote monitoring tool for AI coding agents — track token usage and costs across Claude Code and Codex

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package exhibits a moderate risk due to potential unexpected shell executions, despite no clear signs of malicious intent or obfuscation.

  • Shell risk due to potential system process execution
  • Low activity maintainer account
Per-check LLM notes
  • Network: No network calls were detected.
  • Shell: The presence of shell execution commands suggests the package may execute system processes, which could be unexpected and potentially risky depending on the package's intended use.
  • Obfuscation: No obfuscation patterns detected, indicating low risk.
  • Credentials: No credential harvesting patterns detected, indicating low risk.
  • Metadata: The maintainer has only one package, suggesting a new or less active account which may warrant further investigation.

🔬 Heuristic Checks

Outbound Network Calls

No suspicious network call patterns found

Code Obfuscation

No obfuscation patterns detected

Shell / Subprocess Execution score 8.0

Found 4 shell execution pattern(s)

  • t]: try: result = subprocess.run( ["tasklist", "/FO", "CSV", "/NH"],
  • ct else "-f" result = subprocess.run( ["pgrep", flag, process_name], capt
  • try: result = subprocess.run( ["lsof", "-a", "-p", str(pid), "-d", "cwd",
  • cess: try: proc = subprocess.run( _ssh_command(remote, remote_cmd), i
Credential Harvesting

No credential harvesting patterns detected

Typosquatting

No typosquatting candidates detected

Registered Email Domain

Email domain looks legitimate: gmail.com>

Suspicious Page Links

All external links appear legitimate

Git Repository History

Repository xihuai18/agentic-metric appears legitimate

Maintainer History score 2.0

1 maintainer concern(s) found

  • Author "xihuai18" appears to have only 1 package on PyPI (new or inactive account)
Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with agentic-metric-x 
Create a comprehensive monitoring tool called 'AI-Agent Watcher' using the Python package 'agentic-metric-x'. This tool will enable developers to monitor and manage the performance of their AI coding agents both locally and remotely via SSH. The application should provide real-time tracking of token usage and costs for multiple AI coding services like Claude Code and Codex. Here’s a detailed breakdown of the requirements:

1. **Setup and Configuration**: Users should be able to configure the tool with their API keys and SSH details for remote agent access.
2. **Real-Time Monitoring**: Implement a dashboard that displays real-time metrics such as token usage, cost incurred, and system load for each active AI agent.
3. **Remote Agent Management**: Allow users to connect to remote AI agents via SSH and monitor their activities from a central location.
4. **Cost Estimation**: Provide a feature that estimates future costs based on current usage patterns and alert users if they exceed predefined budget limits.
5. **Data Export**: Enable exporting of monitored data into CSV or JSON formats for further analysis.
6. **Customizable Alerts**: Users should be able to set up custom alerts for various thresholds related to token usage, costs, and system performance.
7. **User Interface**: Develop a user-friendly web interface using Flask or Django for easy interaction.

The 'agentic-metric-x' package will be crucial in handling the underlying communication and data collection processes for both local and remote agents. Your task is to design and implement this application, ensuring it integrates seamlessly with 'agentic-metric-x', providing a robust solution for managing AI coding agents.