Package Metadata

Author: The Cloud Clockwork
Email: —
PyPI: agenticore
Python: >=3.10
Versions: 33 releases
First release: 22 Feb 2026, 22:28 UTC
Analysed: 06 Jun 2026, 10:10 UTC
Source files: 40 .py files scanned

Project Links

Changelog Documentation Homepage Issues Repository

Classifiers

Development Status :: 3 - AlphaIntended Audience :: DevelopersLicense :: OSI Approved :: MIT LicenseOperating System :: OS IndependentProgramming Language :: Python :: 3Programming Language :: Python :: 3.12Programming Language :: Python :: 3.13Topic :: Software Development :: Build ToolsTopic :: Software Development :: Libraries :: Application Frameworks

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package exhibits significant risks related to shell execution and credential handling, suggesting potential misuse. However, the network and metadata risks are lower, indicating it might not be purely malicious but requires careful scrutiny.

High shell risk
High credential risk

Per-check LLM notes

Network: The network calls seem to be for health checks and API interactions, which could be legitimate if the package is designed to interact with external services.
Shell: Executing shell commands can be risky as it may indicate the package performs system-level operations without clear user consent, potentially leading to unauthorized actions.
Obfuscation: The use of base64 decoding suggests possible obfuscation to hide code logic or data, which is suspicious without clear documentation.
Credentials: Appending tokens and checking against an environment variable for a token indicates potential harvesting or misuse of credentials.
Metadata: Suspicious non-HTTPS links and a new maintainer with a single package increase the risk slightly.

🔬 Heuristic Checks

⚠ Outbound Network Calls score 9.0

Found 6 network call pattern(s)

8100") try: req = urllib.request.Request(f"{bridge_url}/health", method="GET") with u
", method="GET") with urllib.request.urlopen(req, timeout=3) as resp: data = json.loa
entibridge.api_key return httpx.Client( base_url=cfg.agentibridge.url.rstrip("/"),
import httpx resp = httpx.get(f"{_api_url()}{path}", timeout=10) return resp.json()
import httpx resp = httpx.post(f"{_api_url()}{path}", json=data, timeout=30) return res
import httpx resp = httpx.delete(f"{_api_url()}{path}", timeout=10) return resp.json()

⚠ Code Obfuscation score 2.0

Found 1 obfuscation pattern(s)

try: return base64.b64decode(b64).decode().strip() except Exception as exc:

⚠ Shell / Subprocess Execution score 10.0

Found 6 shell execution pattern(s)

st_ok=True) result = subprocess.run( ["git", "clone", "--depth", "1", "--branch", br
continue result = subprocess.run(cmd, capture_output=True, text=True, timeout=60, cwd=package
tat.S_IEXEC) result = subprocess.run( ["bash", str(script_path)], capture
""" try: result = subprocess.run( ["kubectl", "get", "pods", "--all-namespaces",
]) try: result = subprocess.run(cmd, capture_output=True, text=True, timeout=120) if
ct: try: result = subprocess.run( [ "kubectl", "e

⚠ Credential Harvesting score 2.5

Found 1 credential access pattern(s)

.append(primary) static = os.getenv("GITHUB_TOKEN", "") if static and static != primary: tokens_t

✓ Typosquatting

No typosquatting candidates detected

✓ Registered Email Domain

No author email provided

⚠ Suspicious Page Links score 6.0

Found 3 suspicious link(s) on the package page

Non-HTTPS external link: http://litellm.your-cluster.svc:4000/v1
Non-HTTPS external link: http://my-agent.namespace.svc:8200/v1
Non-HTTPS external link: http://otel-collector:4317

✓ Git Repository History

Repository The-Cloud-Clockwork/agenticore appears legitimate

⚠ Maintainer History score 2.0

1 maintainer concern(s) found

Author "The Cloud Clockwork" appears to have only 1 package on PyPI (new or inactive account)

✓ Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with agenticore

Create a fully-functional mini-application called 'CodeBuddy' using the 'agenticore' Python package. This application will serve as a personal code development assistant, capable of running code snippets, managing repositories, and tracking the development process through observability pipelines. Here’s a step-by-step guide on how to build it:

1. **Setup Project Structure**: Initialize your project directory and install the necessary dependencies including 'agenticore'.
2. **Repository Management**: Implement functionality within 'CodeBuddy' to clone, pull, push, and manage local Git repositories.
3. **Code Execution**: Utilize 'agenticore' to create a job lifecycle for executing code snippets provided by the user. Ensure these snippets can be run in different environments (e.g., Python, JavaScript).
4. **Observability Pipeline**: Integrate OpenTelemetry (OTEL) through 'agenticore' to monitor and log the execution of each code snippet, including errors and performance metrics.
5. **User Interface**: Develop a simple command-line interface (CLI) where users can interact with 'CodeBuddy', providing code snippets, managing repositories, and viewing logs.
6. **Testing and Documentation**: Write tests for critical functionalities and document the project comprehensively, explaining how to set up and use 'CodeBuddy'.

Suggested Features:
- Support for multiple programming languages.
- Real-time feedback during code execution.
- Ability to save and load previous sessions.
- Integration with cloud-based storage for repository backups.

Utilize 'agenticore' to streamline the orchestration and management of these tasks, ensuring a seamless and efficient development experience.