agentic-stealth-browser

v2.4.0 suspicious
6.0
Medium Risk

Production-grade, human-mimicking browser automation framework for autonomous agents. Survives modern anti-bot systems.

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package exhibits moderate risks due to its obfuscated code and potentially unreliable metadata. While there are no direct signs of malicious activity, the combination of signals raises concerns about its true intentions.

  • High obfuscation risk
  • Unreliable maintainer metadata

Per-check LLM notes
  • Network: The use of network calls suggests potential external communication which could be benign or malicious, depending on the package's intended functionality.
  • Shell: No shell execution patterns detected, indicating low risk of direct system command execution.
  • Obfuscation: The use of base64 encoding and dynamic imports suggests an attempt to obfuscate code, which could indicate malicious intent but could also serve legitimate purposes such as serializing data (base64 is an encoding, not encryption).
  • Credentials: No clear patterns indicating credential harvesting were found.
  • Metadata: The package has a suspicious non-HTTPS link and the maintainer's information is sparse, indicating potential unreliability.

🔬 Heuristic Checks

Outbound Network Calls score 4.5

Found 3 network call pattern(s)

  • with urllib.request.urlopen(probe_url, timeout=3) as r:
  • read( lambda: urllib.request.urlopen(url, timeout=1.0).read() ) r
  • try: async with httpx.AsyncClient( proxies={"http://": proxy_url, "https://":

Code Obfuscation score 6.0

Found 3 obfuscation pattern(s)

  • string.""" json_str = base64.b64decode(encoded.encode()).decode() return SessionCheckpoint.
  • ate", "config": config, "ts": __import__("time").time()} ) self._rotation_count = getattr(se
  • session_name=f"rotated-{__import__('uuid').uuid4().hex[:6]}", duration_minutes=30,

Shell / Subprocess Execution

No shell execution patterns detected

Credential Harvesting

No credential harvesting patterns detected

Typosquatting

No typosquatting candidates detected

Registered Email Domain

Email domain looks legitimate: users.noreply.github.com

Suspicious Page Links score 2.0

Found 1 suspicious link(s) on the package page

  • Non-HTTPS external link: http://127.0.0.1:9222

Git Repository History

Repository shanewas/agentic-stealth-browser appears legitimate

Maintainer History score 4.0

2 maintainer concern(s) found

  • Author name is missing or very short
  • Author "" appears to have only 1 package on PyPI (new or inactive account)

Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.
