AI Analysis
Final verdict: SUSPICIOUS
The package has a moderate risk score due to potential shell execution and low effort metadata, suggesting it might not be well-maintained or transparent about its purpose.
- Shell risk detected
- Low effort metadata
Per-check LLM notes
- Network: No network calls detected, which is normal and expected.
- Shell: Detection of shell execution patterns may indicate the package performs operations requiring elevated permissions or runs scripts, which could be legitimate but requires further investigation to ensure no malicious intent.
- Obfuscation: No obfuscation patterns detected, indicating low risk.
- Credentials: No credential harvesting patterns detected, indicating low risk.
- Metadata: The package shows signs of low effort and could be suspicious due to the lack of maintainer history and missing author details.
Heuristic Checks
Outbound Network Calls
No suspicious network call patterns found
Code Obfuscation
No obfuscation patterns detected
Shell / Subprocess Execution
score 10.0
Found 5 shell execution pattern(s)
ess try: result = subprocess.run(command, shell=True, check=True, stdout=subprocess.PIPE, stdess try: result = subprocess.run(['python', '-c', code], check=True, stdout=subprocess.PIPE,ess try: result = subprocess.run(['python', file], check=True, stdout=subprocess.PIPE, stderrport subprocess result = subprocess.run( ['findstr', pattern, file], stdout=subproceult = subprocess.run(command, shell=True, check=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE
Credential Harvesting
No credential harvesting patterns detected
Typosquatting
No typosquatting candidates detected
Registered Email Domain
No author email provided
Suspicious Page Links
All external links appear legitimate
Git Repository History
No GitHub repository linked
No GitHub repository link found
Maintainer History
score 8.0
4 maintainer concern(s) found
Only one version has ever been released — brand new packageAuthor name is missing or very shortAuthor "" appears to have only 1 package on PyPI (new or inactive account)Package has no PyPI classifiers (low effort / metadata quality)
Known CVE Vulnerabilities
No known vulnerabilities found in OSV database.
AI App Starter Prompt
Use this prompt to build a project with agentic-terminal_yash
Create a fully-functional mini-application called 'TerminalBot' using the Python package 'agentic-terminal_yash'. TerminalBot will serve as a versatile command-line interface tool that leverages the capabilities of 'agentic-terminal_yash' to enhance user interaction and task automation. Your goal is to build a system where users can input commands through a terminal-like interface, and the bot processes these commands, providing feedback and executing tasks accordingly. Key Features: 1. User Authentication: Allow users to log in with their credentials before accessing any functionality. 2. Command Execution: Implement a feature that allows users to execute shell commands directly from the TerminalBot interface. 3. Task Automation: Enable users to create and manage automated tasks such as scheduling reminders or periodic checks. 4. Help and Documentation: Provide comprehensive help documentation accessible via a command, guiding users on how to use each feature effectively. 5. Error Handling: Ensure robust error handling to gracefully manage invalid inputs or command failures. 6. Custom Commands: Users should be able to define custom commands that perform specific actions, utilizing the power of 'agentic-terminal_yash' to integrate seamlessly into the workflow. How to Utilize 'agentic-terminal_yash': - Use the package's core functionalities to establish a seamless terminal experience for users. - Leverage its capabilities to handle complex interactions between the user and the bot, making it easy to extend the application with additional features in the future. - Integrate 'agentic-terminal_yash' to facilitate the execution of shell commands and the management of user-defined scripts or tasks.