agentihooks

v1.13.0 suspicious
6.0
Medium Risk

Hook system and MCP tool server for Claude Code agents

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package exhibits several concerning behaviors including potential credential harvesting and obfuscation techniques, indicating a need for closer examination.

  • credential risk
  • obfuscation risk
Per-check LLM notes
  • Network: The use of SMTP suggests the package may be designed to send emails, which is not inherently suspicious.
  • Shell: Subprocess calls to shell commands like 'bash', 'git', and 'ssh' could indicate legitimate functionality but also raise concerns about potential execution of arbitrary code, suggesting higher scrutiny is needed.
  • Obfuscation: The provided snippet shows partial and incomplete obfuscation patterns, which could indicate an attempt to hide code execution patterns but lacks context for definitive judgment.
  • Credentials: The code attempts to retrieve environment variables that could potentially store sensitive information like tokens and configuration settings, raising concerns about potential credential harvesting.
  • Metadata: The maintainer seems new or inactive, and the repository lacks community engagement, raising some suspicion but not conclusive evidence of malice.

🔬 Heuristic Checks

Outbound Network Calls score 3.0

Found 2 network call pattern(s)

  • try: with smtplib.SMTP(self._smtp_server, self._smtp_port, timeout=30) as server:
  • p}") with smtplib.SMTP(self._smtp_server_ip, self._smtp_port, timeout=30) as server
Code Obfuscation score 2.0

Found 1 obfuscation pattern(s)

  • , "ssh-pkg-install"), (re.compile(r"\bdocker\s+exec\b", _RE_FLAGS), "ssh-docker-exec"), ( re.compil
Shell / Subprocess Execution score 10.0

Found 6 shell execution pattern(s)

  • }" try: result = subprocess.run( ["bash", str(script_path), *args],
  • r, str]: try: r = subprocess.run( ["git", *args], cwd=cwd,
  • try: result = subprocess.run( ["ssh", "-i", ssh_key, "-o", "BatchMode=yes
  • """ try: result = subprocess.run( ["git", "rev-parse", "--abbrev-ref", "HEAD"],
  • d}" try: result = subprocess.run( ["claude", prompt, "-p", "--model", model],
  • try: result = subprocess.run( [ "bash",
Credential Harvesting score 10.0

Found 4 credential access pattern(s)

  • le first env_config = os.environ.get("AWS_CONFIG_FILE") if env_config: path = Path
  • "true") TOKEN_WARN_PCT = int(os.getenv("TOKEN_WARN_PCT", "60")) TOKEN_CRITICAL_PCT = int(os.getenv("TOKEN
  • 0")) TOKEN_CRITICAL_PCT = int(os.getenv("TOKEN_CRITICAL_PCT", "80")) TOKEN_REDIS_TTL = int(os.getenv("TOKE
  • "80")) TOKEN_REDIS_TTL = int(os.getenv("TOKEN_REDIS_TTL", "3600")) BASH_FILTER_ENABLED = _env_bool("BASH
Typosquatting

No typosquatting candidates detected

Registered Email Domain

No author email provided

Suspicious Page Links

All external links appear legitimate

Git Repository History score 2.5

Git history flags: Repository has zero stars and zero forks

  • Repository has zero stars and zero forks
Maintainer History score 2.0

1 maintainer concern(s) found

  • Author "The Cloud Clockwork" appears to have only 1 package on PyPI (new or inactive account)
Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with agentihooks 
Create a mini-application called 'AgentiMonitor' using the Python package 'agentihooks'. This application will serve as a real-time monitoring tool for developers working with Claude Code agents. It should allow users to hook into various system events and monitor the performance of their agents through a user-friendly interface. Here are the steps and features you should include in your project:

1. **Setup**: Begin by installing the 'agentihooks' package and setting up a basic Flask web framework for the UI.
2. **Hook Configuration**: Implement a feature where users can configure different hooks for system events such as file access, network requests, etc., directly through the web interface.
3. **Real-Time Monitoring**: Use 'agentihooks' to capture these events in real-time and display them on the dashboard. Ensure that the data is presented in a visually appealing manner, possibly using charts or graphs.
4. **Performance Metrics**: Integrate the ability to track performance metrics of Claude Code agents, such as response times and memory usage, and display these alongside the event logs.
5. **Custom Reports**: Allow users to generate custom reports based on the monitored data, which they can download or share.
6. **Security Measures**: Since the application will have access to sensitive system information, ensure that appropriate security measures are in place, such as secure login and encryption of data.
7. **Documentation**: Provide comprehensive documentation for both end-users and developers, explaining how to use the application and how it integrates with 'agentihooks'.

By following these guidelines, you'll create a powerful yet simple-to-use tool for developers who want to better understand and optimize the behavior of their Claude Code agents.