AI Analysis
Final verdict: SUSPICIOUS
The package exhibits several concerning practices, including potential code obfuscation and execution of shell commands, indicating a moderate risk level.
- High shell risk due to execution of shell commands
- Significant obfuscation risk from use of base64 decoding and eval
Per-check LLM notes
- Network: Network calls to external APIs are common but should be reviewed for data handling practices.
- Shell: Executing shell commands can introduce security risks and should be scrutinized for potential misuse.
- Obfuscation: The use of base64 decoding and eval suggests potential code obfuscation or execution of arbitrary code, which could be risky.
- Credentials: No direct signs of credential harvesting detected, but the use of eval could potentially be exploited for such purposes.
- Metadata: The package shows low effort in maintaining metadata and author details, which may indicate a lack of transparency.
Heuristic Checks
Outbound Network Calls
score 7.5
Found 5 network call pattern(s)
import httpx # response = httpx.get(f"https://api.example.com/search?q={query}") # return repx self._client = httpx.AsyncClient(timeout=30.0) except ImportError: raise] = 16000 async with httpx.AsyncClient(timeout=30.0) as client: response = await clients) -> str: async with httpx.AsyncClient(timeout=30.0) as client: response = await clientor[bytes]: async with httpx.AsyncClient(timeout=30.0) as client: response = await client
Code Obfuscation
score 6.0
Found 3 obfuscation pattern(s)
audio_bytes = base64.b64decode(audio_base64) yield audio_bytes asyr: return str(eval(expression)) Args: func: The function ted" try: result = eval(expression) # safe: input is sanitized above return
Shell / Subprocess Execution
score 10.0
Found 6 shell execution pattern(s)
(shell_dir) result = subprocess.run(["npm", "install"], capture_output=True, text=True)es)...") result = subprocess.run( ["eas", "build", "--platform", "android", ".echo() result = subprocess.run( ["npx", "expo", "run:android", "--variant",Railway project...") subprocess.run(["railway", "init"], check=True) click.echo("Deployoying to Railway...") subprocess.run(["railway", "up"], check=True) click.secho("\nDeploployment URL result = subprocess.run( ["railway", "domain"], capture_output=True, tex
Credential Harvesting
No credential harvesting patterns detected
Typosquatting
No typosquatting candidates detected
Registered Email Domain
No author email provided
Suspicious Page Links
All external links appear legitimate
Git Repository History
No GitHub repository linked
No GitHub repository link found
Maintainer History
score 6.0
3 maintainer concern(s) found
- Author name is missing or very short
- Author "" appears to have only 1 package on PyPI (new or inactive account)
- Package has no PyPI classifiers (low effort / metadata quality)
Known CVE Vulnerabilities
No known vulnerabilities found in OSV database.
AI App Starter Prompt
Use this prompt to build a project with agentkit-sdk
Create a personalized voice assistant app using the 'agentkit-sdk' Python package. This app will serve as a comprehensive tool for managing daily tasks, providing information, and enhancing user interaction through voice commands. The app should include the following core functionalities:
1. **Voice Command Recognition**: Utilize the 'agentkit-sdk' to enable the app to understand and respond to voice commands.
2. **Task Management**: Users should be able to create, update, and delete tasks through voice commands. For example, 'Add groceries to my to-do list', 'Mark task as done', etc.
3. **Information Retrieval**: The app should be capable of fetching information from the internet such as weather updates, news headlines, and sports scores upon request.
4. **Personalized Greetings and Reminders**: Implement a feature where the app greets users by name and reminds them of upcoming events or tasks based on their calendar entries.
5. **Integration with External Services**: Integrate the app with services like Google Calendar or Spotify for enhanced functionality.
6. **Customizable Responses**: Allow users to customize the responses and greetings provided by the app.
7. **User Authentication**: Ensure secure access to the app through voice recognition or other authentication methods.
The 'agentkit-sdk' package is crucial for enabling voice command recognition and interaction within the app. It provides tools for setting up the voice interface, training models for better understanding of user commands, and integrating with external services to fetch data. Your task is to design and implement this app from scratch, ensuring it is user-friendly and efficient. Document your process, including any challenges faced and solutions implemented, to provide valuable insights for future developers.