agentork

v0.1.0 suspicious
4.0
Medium Risk

Orchestration framework for multi-agent workflows via external commands

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package has legitimate use cases but raises concerns due to incomplete metadata and a single version release. Further investigation is required.

  • missing author information
  • non-secure link
  • single version release
Per-check LLM notes
  • Network: No network calls detected, which is normal and not suspicious.
  • Shell: Subprocess execution might be part of package functionality, but should be reviewed for legitimacy and security context.
  • Obfuscation: No obfuscation patterns detected, indicating low risk.
  • Credentials: No credential harvesting patterns detected, indicating low risk.
  • Metadata: The package shows several red flags including a non-secure link, missing author information, and a single version release, suggesting potential malicious intent.

📦 Package Quality Overall: Low (4.2/10)

◈ Medium Test Suite 6.0

Partial test coverage signals detected

  • Test runner config found: pyproject.toml
◈ Medium Documentation 7.0

Some documentation present

  • Documentation URL: "Documentation" -> https://github.com/agentork/agentork#readme
  • Detailed PyPI description (13805 chars)
○ Low Contributing Guide 2.0

No contributing guide or governance files found

  • No CONTRIBUTING, CODE_OF_CONDUCT, or governance files found
◈ Medium Type Annotations 5.0

Partial type annotation coverage

  • 123 type-annotated function signatures detected in source
○ Low Multiple Contributors 1.0

Could not retrieve contributor data from GitHub

  • GitHub API error: 404

🔬 Heuristic Checks

Outbound Network Calls

No suspicious network call patterns found

Code Obfuscation

No obfuscation patterns detected

Shell / Subprocess Execution score 4.0

Found 2 shell execution pattern(s)

  • T_FILE": tmp_path} proc = subprocess.run( [sys.executable, str(script)], capture_outp
  • try: proc = subprocess.run( cmd, capture_output
Credential Harvesting

No credential harvesting patterns detected

Typosquatting

No typosquatting candidates detected

Registered Email Domain score 3.0

Suspicious email domain flags: Very short email domain: qq.com>

  • Very short email domain: qq.com>
Suspicious Page Links score 2.0

Found 1 suspicious link(s) on the package page

  • Non-HTTPS external link: http://127.0.0.1:7979/monitor/
Git Repository History score 3.0

Repository not found (deleted or private)

  • Repository not found (deleted or private)
Maintainer History score 6.0

3 maintainer concern(s) found

  • Only one version has ever been released — brand new package
  • Author name is missing or very short
  • Author "" appears to have only 1 package on PyPI (new or inactive account)
Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with agentork 
Build a simple Python application using the agentork package to demonstrate its core features.