agentnet-cli

v0.2.0 suspicious
5.0
Medium Risk

Detect AI agents and connect them to the Agent-net marketplace

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package exhibits moderate risk due to potential unsanitized shell executions and an unverified maintainer profile, though no direct evidence of malicious intent is present.

  • Shell risk due to execution of external commands
  • Unclear maintainer identity
Per-check LLM notes
  • Network: The network calls appear to be checking the package version on PyPI, which is a common and legitimate practice.
  • Shell: The shell execution patterns involve running external commands like 'uv', 'pipx', and 'claude'. These may be part of the tool's functionality but could pose risks if not properly sanitized or controlled.
  • Obfuscation: No obfuscation patterns detected, indicating low risk.
  • Credentials: No credential harvesting patterns detected, indicating low risk.
  • Metadata: The maintainer has a new or inactive account and lacks a proper author name, raising some suspicion but not conclusive evidence of malice.

📦 Package Quality Overall: Medium (5.4/10)

✦ High Test Suite 9.0

Test suite present — 25 test file(s) found

  • Test runner config found: conftest.py
  • Test runner config found: pyproject.toml
  • 25 test file(s) detected (e.g. conftest.py)
◈ Medium Documentation 5.0

Some documentation present

  • Detailed PyPI description (9657 chars)
○ Low Contributing Guide 2.0

No contributing guide or governance files found

  • No CONTRIBUTING, CODE_OF_CONDUCT, or governance files found
◈ Medium Type Annotations 5.0

Partial type annotation coverage

  • 141 type-annotated function signatures detected in source
◈ Medium Multiple Contributors 6.0

Limited contributor diversity

  • 2 unique contributor(s) across 36 commits in TheAgent-net/agentnet-cli
  • Two distinct contributors found

🔬 Heuristic Checks

Outbound Network Calls score 9.0

Found 6 network call pattern(s)

  • noqa: PLC0415 resp = httpx.get( "https://pypi.org/pypi/agentnet-cli/json",
  • http_client=http_client or httpx.Client(timeout=30.0), ) self._agent_id = agent_id
  • self._http = http_client or httpx.Client(timeout=30.0) # -- context manager & cleanup (L-4) --
  • ], "total": 0})) client = httpx.Client(transport=transport) return ToolHandlers( platfo
  • agent_id, http_client=httpx.Client(transport=transport), ) def test_discover(handlers):
  • d="ag_1", http_client=httpx.Client(transport=transport), ) result = h.wallet(action="ba
Code Obfuscation

No obfuscation patterns detected

Shell / Subprocess Execution score 10.0

Found 6 shell execution pattern(s)

  • d() try: result = subprocess.run(cmd, capture_output=True, text=True, timeout=120) if
  • try: r = subprocess.run( ["uv", "tool", "list"], cap
  • try: r = subprocess.run( ["pipx", "list", "--short"],
  • lace_source() proc = subprocess.run( ["claude", "plugin", "marketplace", "add", mark
  • led: {msg}"]) proc = subprocess.run( ["claude", "plugin", "install", _PLUGIN_ID, "--
  • return True subprocess.run( ["claude", "plugin", "uninstall", _PLUGIN_ID, "
Credential Harvesting

No credential harvesting patterns detected

Typosquatting

No typosquatting candidates detected

Registered Email Domain

No author email provided

Suspicious Page Links

All external links appear legitimate

Git Repository History

Repository TheAgent-net/agentnet-cli appears legitimate

Maintainer History score 4.0

2 maintainer concern(s) found

  • Author name is missing or very short
  • Author "" appears to have only 1 package on PyPI (new or inactive account)
Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with agentnet-cli 
Create a mini-application named 'AgentLinker' that leverages the 'agentnet-cli' Python package to detect AI agents running in a local network and automatically register them with the Agent-net marketplace. The application should have a user-friendly command-line interface and include the following features:

1. **Agent Detection**: Implement functionality to scan the local network for active AI agents. Utilize the 'agentnet-cli' package to identify these agents based on predefined criteria such as specific service ports or unique identifiers.
2. **Automatic Registration**: Once detected, the application should automatically register these agents with the Agent-net marketplace using the 'agentnet-cli' registration API. Ensure that each agent is uniquely identified and associated with its owner's account.
3. **User Interface**: Develop a clean and intuitive command-line interface for users to interact with the application. Users should be able to start the detection process, view the status of registered agents, and manage their accounts within the Agent-net marketplace.
4. **Customization Options**: Allow users to customize the detection parameters, such as specifying IP ranges or agent types to focus on. This flexibility ensures the application can adapt to various network environments.
5. **Error Handling and Logging**: Implement robust error handling and logging mechanisms to capture any issues during the detection and registration processes. Logs should be stored locally and also sent to a remote server for analysis and support.
6. **Security Measures**: Ensure secure communication between the application and the Agent-net marketplace APIs. Use HTTPS for all API calls and encrypt sensitive data stored locally.

The goal of 'AgentLinker' is to simplify the process of connecting AI agents to the broader ecosystem of the Agent-net marketplace, thereby enabling seamless integration and collaboration among different AI systems.