AI Analysis
Final verdict: SUSPICIOUS
The package shows some signs of potential obfuscation and has low maintainer activity, which raises concerns about its trustworthiness. However, no direct evidence of malicious intent or credential harvesting was found.
- Potential obfuscation through base64 decoding
- Low maintainer activity and poor metadata quality
Per-check LLM notes
- Network: No network calls were detected.
- Shell: Shell execution appears to be used for clearing the console screen and interacting with GitHub CLI, which is not inherently malicious but should be reviewed within the context of the package's intended functionality.
- Obfuscation: The presence of base64 decoding suggests potential obfuscation, but it could also be used for legitimate purposes such as handling encrypted data.
- Credentials: No clear patterns indicating credential harvesting were detected.
- Metadata: The package shows low maintainer activity and poor metadata quality, raising suspicion but not conclusive evidence of malice.
Heuristic Checks
Outbound Network Calls
No suspicious network call patterns found
Code Obfuscation
score 4.0
Found 2 obfuscation pattern(s)
decoded_bytes = base64.b64decode(_f.file.bytes) return GenerationFile): data = base64.b64decode(data) return FilePart( t
Shell / Subprocess Execution
score 6.0
Found 3 shell execution pattern(s)
ar the console screen.""" os.system("cls" if os.name == "nt" else "clear") def display_ascii_adescription) result = subprocess.run(cmd, capture_output=True, text=True) stdout_lower =try: result = subprocess.run( [gh_cli, "release", "list", "--json", "tagN
Credential Harvesting
No credential harvesting patterns detected
Typosquatting
No typosquatting candidates detected
Registered Email Domain
Email domain looks legitimate: users.noreply.github.com>
Suspicious Page Links
score 4.0
Found 2 suspicious link(s) on the package page
Non-HTTPS external link: http://evolution:8080Non-HTTPS external link: http://evolution-service:8080
Git Repository History
No GitHub repository linked
No GitHub repository link found
Maintainer History
score 6.0
3 maintainer concern(s) found
Author name is missing or very shortAuthor "" appears to have only 1 package on PyPI (new or inactive account)Package has no PyPI classifiers (low effort / metadata quality)
Known CVE Vulnerabilities
No known vulnerabilities found in OSV database.
AI App Starter Prompt
Use this prompt to build a project with agentle
Create a simple task management application using the 'agentle' package. This application should allow users to add, edit, delete, and mark tasks as completed. Additionally, implement a feature that allows users to categorize their tasks into different lists such as 'Work', 'Personal', etc. Use the 'agentle' package to manage the state of the application efficiently, ensuring smooth transitions between adding a new task and viewing existing ones without losing any data or state. Step-by-Step Guide: 1. Set up a basic Flask web application framework. 2. Integrate the 'agentle' package to handle state management across different views. 3. Create a form to add new tasks, including fields for task name, description, due date, and category. 4. Implement a view to display all tasks, allowing users to filter by category. 5. Add functionality to mark tasks as completed and delete tasks. 6. Ensure that the application maintains its state seamlessly when switching between adding a new task and viewing existing tasks. 7. Test the application thoroughly to ensure all features work as expected. 8. Deploy the application on a platform like Heroku for others to try out. Suggested Features: - User authentication to allow multiple users to have their own task lists. - A calendar view to show all tasks with their respective due dates. - Notifications for upcoming deadlines. - An option to export tasks to a CSV file.