🤖 AI Analysis

Final verdict: SUSPICIOUS

The package exhibits high risks due to shell execution capabilities and code obfuscation techniques, which can be leveraged for malicious activities. Although there's no immediate evidence of credential harvesting or network abuse, the overall pattern suggests potential misuse.

High shell execution risk
Significant code obfuscation

Per-check LLM notes

Network: No network calls detected, which is not unusual and does not indicate immediate risk.
Shell: Shell execution is present and may indicate potential risks such as executing arbitrary commands, which could be exploited for malicious purposes.
Obfuscation: The code uses exec and compile functions with dynamically generated strings, indicating potential for code injection and obfuscation.
Credentials: No direct credential harvesting patterns are detected, but the presence of exec and compile functions raises suspicion.
Metadata: The repository was created very recently and the maintainer has only one package on PyPI, which could indicate a new or less experienced user but also raises suspicion.

🔬 Heuristic Checks

✓ Outbound Network Calls

No suspicious network call patterns found

⚠ Code Obfuscation score 10.0

Found 6 obfuscation pattern(s)

ta"][0] user, password = base64.b64decode(auth["authorizationToken"]).decode().split(":", 1) log(
vil): ns: dict = {} exec(compile("X = " + _pystr(evil), "t.py", "exec"), ns) assert ns[
= {"__file__": agent_py} exec(compile(src, agent_py, "exec"), ns) return ns, rec def te
= {"__file__": agent_py} exec(compile(src, agent_py, "exec"), ns) app = ns[APP_SYMBOL]
= {"__file__": agent_py} exec(compile(src, agent_py, "exec"), ns) root = ns[ROOT_SYMBOL]
r(evil) ns: dict = {} exec(compile(src, "t.py", "exec"), ns) # must parse AND execute ass

⚠ Shell / Subprocess Execution score 6.0

Found 3 shell execution pattern(s)

--password-stdin``).""" subprocess.run(cmd, check=True, input=input_text, text=True) def _ecr_
run_bash": proc = subprocess.run( args.get("command", ""), shell=True, cwd=ro
args.get("command", ""), shell=True, cwd=root, capture_output=True, text=True,

✓ Credential Harvesting

No credential harvesting patterns detected

✓ Typosquatting

No typosquatting candidates detected

✓ Registered Email Domain

No author email provided

✓ Suspicious Page Links

All external links appear legitimate

⚠ Git Repository History score 2.5

Git history flags: Repository created very recently: 4 day(s) ago (2026-06-02T19:46:31Z)

Repository created very recently: 4 day(s) ago (2026-06-02T19:46:31Z)

⚠ Maintainer History score 2.0

1 maintainer concern(s) found

Author "Pawel Huryn" appears to have only 1 package on PyPI (new or inactive account)

✓ Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with agentlift

Create a mini-application named 'AgentPorter' using the Python package 'agentlift'. This application will serve as a user-friendly interface for managing AI agents across different cloud platforms. The main goal of 'AgentPorter' is to simplify the process of defining, compiling, and deploying AI agents into various cloud environments such as Anthropic, AWS Bedrock, and Google Cloud Platform.

### Features:
1. **Agent Definition**: Users should be able to define their AI agents through a simple configuration file. This file will include details such as the agent's name, purpose, inputs/outputs, and any specific instructions or code snippets needed for the agent's operation.
2. **Compilation Tool**: Once defined, the application should compile the agent into different formats supported by each cloud platform. For example, converting the agent into Anthropic YAML format, AWS Bedrock AgentCore, and Google ADK.
3. **Deployment Interface**: After compilation, users should have the option to deploy their agents directly from the application to the chosen cloud service. The application should handle the authentication and deployment processes seamlessly.
4. **Audit & Management Console**: Provide a console where users can audit the portability and performance of their agents across different cloud services. This includes monitoring logs, adjusting settings, and retrieving metrics about the agent's performance.
5. **Live Monitoring**: Implement real-time monitoring capabilities to track the live status of deployed agents, including their health, response times, and any errors encountered.

### Steps to Build:
1. **Setup Project Environment**: Initialize a new Python project and install the 'agentlift' package along with other necessary dependencies like Flask for the web interface.
2. **Design User Interface**: Create a simple yet effective UI using Flask that allows users to upload agent definitions, view compiled files, manage deployments, and monitor agent statuses.
3. **Integrate 'agentlift' Package**: Use the 'agentlift' package to handle the core functionalities of defining, compiling, and deploying agents. Ensure that the application leverages 'agentlift' to abstract away complex cloud-specific configurations and APIs.
4. **Implement Authentication**: Set up secure login mechanisms to allow users to authenticate themselves before accessing or deploying their agents. Utilize OAuth for integrating with cloud providers.
5. **Develop Monitoring Tools**: Integrate tools within 'agentlift' that enable real-time monitoring and logging of deployed agents. Display these insights in the management console.
6. **Testing & Deployment**: Rigorously test all features of the application to ensure smooth functionality. Deploy the application on a cloud server and make it accessible via a domain name.

By completing this project, you'll gain hands-on experience with modern cloud computing technologies, Python programming, and the powerful 'agentlift' package.