AI Analysis
Final verdict: SUSPICIOUS
The package shows a moderate level of suspicion due to its high shell risk and suspicious metadata. While there's no direct evidence of malicious intent, the combination of executing external applications and the lack of a proper GitHub repository raises concerns.
- High shell risk (7/10) indicating potential unauthorized actions.
- Suspicious metadata with a non-HTTPS link and missing GitHub repository.
Per-check LLM notes
- Network: No network calls detected, which is normal unless the package requires internet access.
- Shell: The use of shell execution to run external applications like Chrome or other apps might be legitimate but raises suspicion as it could indicate unauthorized actions or potential backdoors.
- Obfuscation: No obfuscation patterns detected, indicating low risk.
- Credentials: No credential harvesting patterns detected, indicating low risk.
- Metadata: Suspicious non-HTTPS link and lack of GitHub repository suggest potential risk, but limited evidence of malintent.
Heuristic Checks
Outbound Network Calls
No suspicious network call patterns found
Code Obfuscation
No obfuscation patterns detected
Shell / Subprocess Execution
score 10.0
Found 6 shell execution pattern(s)
oogle Chrome" subprocess.run( ["osascript", "-e", f'tell applicationows" and app: subprocess.run( f'start "" "{app}"',nux" and app: subprocess.Popen( [app], stdout=subpr(["-e", line]) proc = subprocess.run( cmd, check=False, captu} result = subprocess.run( args, cwd=str(workdir_path),"{app}"', shell=True, check=False, stdou
Credential Harvesting
No credential harvesting patterns detected
Typosquatting
No typosquatting candidates detected
Registered Email Domain
Email domain looks legitimate: agently.tech
Suspicious Page Links
score 2.0
Found 1 suspicious link(s) on the package page
Non-HTTPS external link: http://127.0.0.1:11434/v1
Git Repository History
No GitHub repository linked
No GitHub repository link found
Maintainer History
score 2.0
1 maintainer concern(s) found
Author "Agently Team" appears to have only 1 package on PyPI (new or inactive account)
Known CVE Vulnerabilities
No known vulnerabilities found in OSV database.
AI App Starter Prompt
Use this prompt to build a project with agently
Create a task management mini-app using the Python package 'agently'. This app will allow users to create tasks, assign them to specific categories, set deadlines, and mark them as completed. Additionally, the app should support user authentication for multiple accounts and provide a history of all actions performed on tasks for each user. Hereβs a detailed breakdown of the requirements: 1. **User Authentication**: Implement a simple login system where users can sign up and log in. Each user should have their own task list. 2. **Task Creation**: Users should be able to create new tasks with titles, descriptions, categories, and deadlines. 3. **Task Management**: Allow users to view, edit, delete, and mark tasks as completed. Tasks should also be sortable by category and deadline. 4. **History Tracking**: Every action taken on a task (creating, editing, deleting, marking as completed) should be recorded in a history log for each user. 5. **Stable Structured Outputs**: Use 'agently' to ensure that all data structures are consistent and well-defined, making it easier to manage tasks and histories. 6. **Observable Actions**: Utilize 'agently' to make sure every action taken within the app is observable, allowing for better debugging and monitoring of user interactions. 7. **Durable Workflows**: Implement workflows that ensure tasks are handled reliably even if there are interruptions or failures. For example, if a task is marked as completed but the system crashes before saving, the workflow should recover the state upon restart. To achieve these functionalities, you will need to leverage 'agently' for its framework capabilities in managing stable structured outputs, observable actions, and durable workflows. This ensures that your task management app is not only functional but also robust and reliable.