agentlaw

v0.2.6 suspicious
5.0
Medium Risk

Law-first governance kit for AI coding agents: installable scaffold + memory MCP server that lets agents read project rules before they write code.

πŸ€– AI Analysis

Final verdict: SUSPICIOUS

The package shows signs of potentially executing shell commands, which could be indicative of a benign use case such as setting up initial configurations, but also raises concerns about possible unintended behaviors or vulnerabilities.

  • Shell risk is rated at 4 out of 10, suggesting potential execution of system commands.
  • No other significant risks were identified, but the shell execution warrants closer scrutiny.
Per-check LLM notes
  • Network: No network calls detected, which is normal unless the package is expected to communicate with external services.
  • Shell: Shell execution patterns indicate potential execution of commands on the system, which could be benign if the package's purpose involves running scripts or tools, but warrants further investigation.
  • Obfuscation: No obfuscation patterns detected, indicating low risk.
  • Credentials: No credential harvesting patterns detected, indicating low risk.

πŸ”¬ Heuristic Checks

βœ“ Outbound Network Calls

No suspicious network call patterns found

βœ“ Code Obfuscation

No obfuscation patterns detected

⚠ Shell / Subprocess Execution score 10.0

Found 6 shell execution pattern(s)

  • str]: try: return subprocess.run( args, capture_output=True,
  • try: completed = subprocess.run( executable_args, capture_output=Tru
  • str]: try: return subprocess.run(args, capture_output=True, text=True, check=False) excep
  • ): self.process = subprocess.Popen( [ sys.executable,
  • os.name == "nt": subprocess.run( ["taskkill", "/PID", str(int(pid)), "/T", "
  • else 0 ) return subprocess.Popen( # noqa: S603 - fixed module argv, shell=False [
βœ“ Credential Harvesting

No credential harvesting patterns detected

βœ“ Typosquatting

No typosquatting candidates detected

βœ“ Registered Email Domain

Email domain looks legitimate: gmail.com>

βœ“ Suspicious Page Links

All external links appear legitimate

⚠ Git Repository History score 2.5

Git history flags: Repository has zero stars and zero forks

  • Repository has zero stars and zero forks
⚠ Maintainer History score 4.0

2 maintainer concern(s) found

  • Author name is missing or very short
  • Author "" appears to have only 1 package on PyPI (new or inactive account)
βœ“ Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

πŸ’‘ AI App Starter Prompt

Use this prompt to build a project with agentlaw 
Create a legal compliance assistant tool using the 'agentlaw' Python package. This tool will help developers ensure their code adheres to specific legal and ethical guidelines as they write it. Here’s how you can structure the project:

1. **Project Setup**: Start by installing the 'agentlaw' package. Ensure you have a clear understanding of its capabilities, such as setting up a memory MCP server and allowing coding agents to read project rules before writing any code.

2. **Define Legal Rules**: Create a set of legal rules that the coding agents must adhere to. These rules could include data privacy laws, intellectual property rights, or industry-specific regulations. Store these rules in a structured format that the 'agentlaw' package can easily parse and enforce.

3. **Integrate with Code Editors**: Develop an extension or plugin for popular code editors like VSCode or PyCharm. This integration should allow the tool to monitor the developer's code as they type, checking against the predefined legal rules stored in the 'agentlaw' memory MCP server.

4. **Real-time Compliance Checks**: Implement real-time checks where the tool flags potential violations of the legal rules as the developer writes code. For example, if a developer tries to access personal data without proper consent, the tool should alert them immediately.

5. **Educational Resources**: Include a feature that provides educational resources to developers when they violate a rule. This could be in the form of links to relevant legal documents, articles, or tutorials that explain why certain actions are not compliant.

6. **Customization Options**: Allow developers to customize the legal rules based on their specific project needs. They should be able to add new rules or modify existing ones through a user-friendly interface provided by the 'agentlaw' package.

7. **Reporting and Analytics**: Finally, provide reporting and analytics features that track compliance over time. Developers should be able to see which rules were most frequently violated, helping them identify areas for improvement in future projects.

Throughout the development process, utilize the 'agentlaw' package to manage the rules database, enforce compliance checks, and integrate seamlessly with the coding environment.