agentorchestr

v0.9.0 suspicious
6.0
Medium Risk

Agent orchestrator for terminal-based coding agents — discovers installed CLIs, runs them in parallel, ships giant projects in hours

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package exhibits significant risks due to its network and shell execution capabilities, which, although potentially legitimate, lack sufficient clarity and sanitization. The incomplete nature of the code and the newly created repository with low activity add to the suspicion.

  • High shell execution risk
  • Unclear network interactions

Per-check LLM notes
  • Network: Network calls may be legitimate for API interactions but the incomplete code snippets raise concerns about uncontrolled external requests.
  • Shell: Shell executions could indicate legitimate functionality like version control operations or environment management, but direct execution poses high risk if not properly sanitized.
  • Obfuscation: The use of base64 encoding for decoding signatures and public keys may indicate obfuscation but could also be legitimate for cryptographic operations.
  • Credentials: No clear patterns of credential harvesting detected.
  • Metadata: The repository's recent creation and low activity suggest potential risk, but insufficient evidence to conclusively determine malicious intent.

📦 Package Quality Overall: Medium (5.8/10)

✦ High Test Suite 9.0

Test suite present — 18 test file(s) found

  • Test runner config found: pyproject.toml
  • 18 test file(s) detected (e.g. test_agent_detector.py)

◈ Medium Documentation 7.0

Some documentation present

  • Documentation URL: "Documentation" -> https://github.com/IAZENT/agentorchestr#readme
  • Detailed PyPI description (10717 chars)

○ Low Contributing Guide 2.0

No contributing guide or governance files found

  • No CONTRIBUTING, CODE_OF_CONDUCT, or governance files found

◈ Medium Type Annotations 5.0

Partial type annotation coverage

  • 208 type-annotated function signatures detected in source

◈ Medium Multiple Contributors 6.0

Limited contributor diversity

  • 2 unique contributor(s) across 14 commits in IAZENT/agentorchestr
  • Two distinct contributors found

🔬 Heuristic Checks

Outbound Network Calls score 9.0

Found 6 network call pattern(s)

  • if own: client = httpx.AsyncClient( follow_redirects=True, timeout=time
  • eturn payload async with httpx.AsyncClient( follow_redirects=True, timeout=DEFAULT_TIME
  • nt = 0 self._client = httpx.AsyncClient(timeout=60.0) self._cooldown_s = cooldown_s
  • def _client(app): return httpx.AsyncClient(transport=httpx.ASGITransport(app=app), base_url="http://tes
  • tml>", ) client = httpx.AsyncClient(transport=_mock_transport(responder)) try: text
  • ext="not found") client = httpx.AsyncClient(transport=_mock_transport(responder)) try: asser

Code Obfuscation score 4.0

Found 2 obfuscation pattern(s)

  • try: signature = base64.b64decode(sig_path.read_text().strip()) pubkey_bytes = base64.
  • rip()) pubkey_bytes = base64.b64decode(key_path.read_text().strip()) except (OSError, ValueErro

Shell / Subprocess Execution score 10.0

Found 6 shell execution pattern(s)

  • try: result = subprocess.run( [path, flag], capture_outpu
  • try: r = subprocess.run([gh_path, "extension", "list"],
  • try: r = subprocess.run( ["git", "rev-list", "--count", "HEAD"],
  • dates separately. r = subprocess.run( ["tmux", "list-panes", "-a", "-F",
  • try: r = subprocess.run( ["tmux", "-V"], capture_output=True, text=T
  • the install lean. r = subprocess.run( ["git", "clone", "--depth", "1", url, str(targe

Credential Harvesting

No credential harvesting patterns detected

Typosquatting

No typosquatting candidates detected

Registered Email Domain

No author email provided

Suspicious Page Links

All external links appear legitimate

Git Repository History score 5.0

Git history flags: Repository created very recently: 5 day(s) ago (2026-06-01T09:51:18Z)

  • Repository created very recently: 5 day(s) ago (2026-06-01T09:51:18Z)
  • Repository has zero stars and zero forks

Maintainer History score 2.0

1 maintainer concern(s) found

  • Author "agentorchestr contributors" appears to have only 1 package on PyPI (new or inactive account)

Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with agentorchestr
Develop a terminal-based project management tool called 'CodeSprint' that leverages the 'agentorchestr' package to streamline the development process for large-scale software projects. CodeSprint should enable developers to run multiple coding tasks in parallel using different command-line interfaces (CLIs), significantly reducing the time required to complete extensive coding projects.

Step-by-Step Guide:
1. Setup: Initialize your Python environment and install the 'agentorchestr' package along with any necessary CLI tools such as Git, Docker, and npm.
2. Project Discovery: Use 'agentorchestr' to discover all installed CLIs and their capabilities. Display these options in an interactive menu.
3. Task Definition: Allow users to define tasks by selecting from the discovered CLIs and specifying parameters like commands, arguments, and input/output files.
4. Parallel Execution: Implement functionality to execute multiple defined tasks in parallel using the 'agentorchestr' package. Ensure tasks can communicate through shared resources if needed.
5. Status Monitoring: Provide real-time monitoring of task execution status, including progress bars, logs, and alerts for errors or completion.
6. Results Compilation: Once all tasks are completed, compile results into a comprehensive report showing the success/failure status of each task, along with any relevant outputs or logs.
7. Integration with CI/CD: Extend the tool to integrate with popular CI/CD pipelines (GitHub Actions, Jenkins, etc.), allowing automated execution of 'CodeSprint' workflows during the build process.

Suggested Features:
- User-friendly GUI for easier task definition and monitoring.
- Support for versioning and rollback of task definitions.
- Ability to pause/resume task execution.
- Customizable notifications (email/SMS) for task completion or failure.
- Detailed analytics on task performance over time.

How 'agentorchestr' is Utilized:
- 'agentorchestr' will be the backbone of CodeSprint, providing the core functionality for discovering and executing CLI tasks in parallel. It will handle the orchestration logic, ensuring smooth and efficient task execution while minimizing resource contention.