agentmesh-mcp-server

v3.7.0 suspicious
4.0
Medium Risk

MCP Server for Claude Desktop - Agent OS kernel primitives including code safety verification, CMVK multi-model review, and IATP trust

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package has a moderate risk score due to the use of eval(), which can pose a security threat if misused, and incomplete maintainer information.

  • Obfuscation risk due to eval() usage
  • Incomplete maintainer metadata
Per-check LLM notes
  • Network: No network calls detected, which is normal if the package does not require external communication.
  • Shell: No shell execution detected, indicating no direct system command execution by the package.
  • Obfuscation: The use of eval() indicates potential for malicious dynamic code execution, though it may be used legitimately in certain contexts.
  • Credentials: No patterns indicative of credential harvesting were detected.
  • Metadata: The maintainer's author information is incomplete and may indicate a new or less active account, raising some suspicion.

📦 Package Quality Overall: Medium (5.4/10)

○ Test Suite: Low (1.0)

No test suite detected

  • No test files or test-runner configuration detected
◈ Documentation: Medium (7.0)

Some documentation present

  • Documentation URL: "Documentation" -> https://github.com/microsoft/agent-governance-toolkit/tree/m
  • Detailed PyPI description (6396 chars)
○ Contributing Guide: Low (4.0)

No contributing guide or governance files found

  • Development Status classifier >= Beta
◈ Type Annotations: Medium (5.0)

Partial type annotation coverage

  • 43 type-annotated function signatures detected in source
✦ Multiple Contributors: High (10.0)

Active multi-contributor project

  • 14 unique contributor(s) across 100 commits in microsoft/agent-governance-toolkit
  • Active community — 5 or more distinct contributors

🔬 Heuristic Checks

Outbound Network Calls

No suspicious network call patterns found

Code Obfuscation (score 4.0)

Found 2 obfuscation pattern(s)

  • Matched excerpt (truncated): `ge": "Dynamic code execution: eval() detected", "alternative": "Use JSON.parse() fo`
  • Matched excerpt (truncated): `"issue": "eval() usage is dangerous", "fix": "Use JSON.`
Shell / Subprocess Execution

No shell execution patterns detected

Credential Harvesting

No credential harvesting patterns detected

Typosquatting

No typosquatting candidates detected

Registered Email Domain

Email domain looks legitimate: microsoft.com

Suspicious Page Links

All external links appear legitimate

Git Repository History

Repository microsoft/agent-governance-toolkit appears legitimate

Maintainer History (score 4.0)

2 maintainer concern(s) found

  • Author name is missing or very short
  • Author "" appears to have only 1 package on PyPI (new or inactive account)
Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with agentmesh-mcp-server

Create a Python-based desktop application named 'SecureCodeRunner' that integrates the 'agentmesh-mcp-server' package to ensure secure execution of user-provided code snippets. This application will serve as a sandbox environment where users can input and run their Python code without the risk of executing harmful or unauthorized commands. The app should have the following functionalities:

1. **Code Input**: Allow users to paste or type their Python code into the application.
2. **Safety Verification**: Utilize the 'agentmesh-mcp-server' package to perform safety checks on the submitted code before execution. This includes verifying the code against known security risks and ensuring it does not contain any malicious operations.
3. **Execution Environment**: Provide a secure execution environment for the verified code. This environment should restrict access to sensitive system resources and only allow safe interactions with the user's data.
4. **Feedback Mechanism**: Display the output of the executed code to the user along with any error messages. Additionally, provide feedback on why certain parts of the code were flagged during the safety check if they were not allowed to execute.
5. **User Interface**: Develop a simple yet intuitive graphical user interface using a library such as PyQt or Tkinter to facilitate interaction with the application.
6. **Logging**: Implement logging capabilities to record all code submissions and execution results for auditing purposes.

The 'agentmesh-mcp-server' package plays a crucial role in this application by providing the necessary tools for code safety verification and ensuring that the code runs within a trusted environment. It helps in preventing unauthorized or potentially harmful code from being executed, thereby enhancing the overall security of the application.