agento-core

v0.10.2 suspicious
4.0
Medium Risk

AI Agent Framework — automates tasks using AI agents in Docker containers

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package shows moderate risk due to the presence of shell execution patterns, despite having low risks in other areas. This suggests potential for risky behavior or a backdoor.

  • High shell risk
  • Low network and obfuscation risks
Per-check LLM notes
  • Network: No network calls detected, indicating low risk in this area.
  • Shell: Detection of shell execution patterns suggests potential for executing arbitrary commands, which may indicate risky behavior or a backdoor.
  • Obfuscation: No obfuscation patterns detected, indicating low risk of malicious intent.
  • Credentials: No credential harvesting patterns detected, suggesting safe handling of sensitive information.
  • Metadata: The maintainer has only one package, which may indicate a new or less active account, but no other red flags are present.

📦 Package Quality Overall: Medium (5.0/10)

◈ Medium Test Suite 6.0

Partial test coverage signals detected

  • Test runner config found: pyproject.toml
◈ Medium Documentation 7.0

Some documentation present

  • Documentation URL: "Documentation" -> https://github.com/agento-cc/agento/tree/main/docs
  • Detailed PyPI description (7609 chars)
○ Low Contributing Guide 2.0

No contributing guide or governance files found

  • No CONTRIBUTING, CODE_OF_CONDUCT, or governance files found
◈ Medium Type Annotations 5.0

Partial type annotation coverage

  • 266 type-annotated function signatures detected in source
◈ Medium Multiple Contributors 5.0

Limited contributor diversity

  • 1 unique contributor(s) across 100 commits in agento-cc/agento
  • Single author but highly active (100 commits)

🔬 Heuristic Checks

Outbound Network Calls

No suspicious network call patterns found

Code Obfuscation

No obfuscation patterns detected

Shell / Subprocess Execution score 8.0

Found 4 shell execution pattern(s)

  • if none set.""" result = subprocess.run(["crontab", "-l"], capture_output=True, text=True) if re
  • _run: return True subprocess.run(["crontab", "-"], input=new_crontab, text=True, check=True)
  • try: result = subprocess.run( ["/opt/cron-agent/run.sh", "workspace:build
  • one: try: subprocess.run( ["/opt/cron-agent/run.sh", "replay", str(jo
Credential Harvesting

No credential harvesting patterns detected

Typosquatting

No typosquatting candidates detected

Registered Email Domain

No author email provided

Suspicious Page Links

All external links appear legitimate

Git Repository History

Repository agento-cc/agento appears legitimate

Maintainer History score 2.0

1 maintainer concern(s) found

  • Author "Marcin Klauza" appears to have only 1 package on PyPI (new or inactive account)
Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with agento-core 
Create a mini-application called 'AI Task Orchestrator' that leverages the 'agento-core' package to manage and automate complex workflows involving multiple AI services. This application will serve as a bridge between different AI models hosted in Docker containers, enabling users to define, schedule, and monitor task sequences that utilize these models. Here’s a detailed breakdown of the project scope and features:

1. **Project Scope**:
   - The application will allow users to define tasks that involve invoking one or more AI services (e.g., image recognition, sentiment analysis).
   - Each task will be executed within a Docker container, ensuring isolation and reproducibility.
   - Users will have the ability to chain tasks together to form workflows, where the output of one task serves as input for another.
   - A web-based UI will provide a visual representation of the workflow, including real-time status updates.

2. **Features**:
   - **Task Definition**: Users can specify tasks by selecting from a predefined list of AI services or by adding custom services.
   - **Workflow Creation**: Users can create workflows by arranging tasks in a sequence, with options to add conditional logic (e.g., if sentiment is positive, proceed to next task).
   - **Scheduling**: Workflows can be scheduled to run at specific times or intervals.
   - **Monitoring & Logging**: Real-time monitoring of task execution status and logs for troubleshooting.
   - **Docker Container Management**: Utilizing 'agento-core', the application will handle the creation, management, and removal of Docker containers required for each task.

3. **Implementation Steps**:
   - Step 1: Set up a Flask backend to handle API requests for task and workflow management.
   - Step 2: Integrate 'agento-core' to manage Docker containers for executing AI tasks.
   - Step 3: Develop a frontend using React or Vue.js to provide a user-friendly interface for defining and managing workflows.
   - Step 4: Implement real-time monitoring using WebSockets to update the UI with task statuses.
   - Step 5: Add support for scheduling workflows using a cron-like scheduler.
   - Step 6: Test the application thoroughly with various workflows to ensure reliability and efficiency.

This project aims to demonstrate the power of 'agento-core' in orchestrating complex AI workflows and highlights its potential in simplifying the development of AI-driven applications.