AI Analysis
Final verdict: SUSPICIOUS
The package exhibits low risks in terms of network, shell execution, obfuscation, and credential handling, but its metadata suggests low maintenance and potential quality issues, raising suspicion.
- Metadata risk indicates low maintenance
- Lack of package description
Per-check LLM notes
- Network: No network calls detected, which is typical for command-line tools unless they require internet access for functionality.
- Shell: No shell execution patterns detected, indicating the package does not execute external commands, which is normal unless expected functionality requires it.
- Obfuscation: No obfuscation patterns detected, indicating low risk of malicious activity.
- Credentials: No credential harvesting patterns detected, suggesting secure handling of sensitive information.
- Metadata: The package shows signs of low maintenance and potentially poor quality control, but lacks clear indicators of malicious intent.
Package Quality Overall: Low (2.0/10)
○ Low
Test Suite
1.0
No test suite detected
No test files or test-runner configuration detected
○ Low
Documentation
1.0
No documentation detected
No documentation URL, doc files, or meaningful description found
○ Low
Contributing Guide
2.0
No contributing guide or governance files found
No CONTRIBUTING, CODE_OF_CONDUCT, or governance files found
◈ Medium
Type Annotations
5.0
Partial type annotation coverage
23 type-annotated function signatures detected in source
○ Low
Multiple Contributors
1.0
Unable to verify contributor count: no GitHub repository found
No GitHub repository linked — contributor count unavailable
Heuristic Checks
Outbound Network Calls
No suspicious network call patterns found
Code Obfuscation
No obfuscation patterns detected
Shell / Subprocess Execution
No shell execution patterns detected
Credential Harvesting
No credential harvesting patterns detected
Typosquatting
No typosquatting candidates detected
Registered Email Domain
No author email provided
Suspicious Page Links
All external links appear legitimate
Git Repository History
No GitHub repository linked
No GitHub repository link found
Maintainer History
score 6.0
3 maintainer concern(s) found
Author name is missing or very shortAuthor "" appears to have only 1 package on PyPI (new or inactive account)Package has no PyPI classifiers (low effort / metadata quality)
Known CVE Vulnerabilities
No known vulnerabilities found in OSV database.
AI App Starter Prompt
Use this prompt to build a project with agentpassport-cli
Create a Python-based command-line tool named 'AgentTraceExplorer' that leverages the 'agentpassport-cli' package to provide developers with an efficient way to manage and visualize traces and keys associated with their applications. This tool should enable users to perform the following tasks: 1. **View Traces**: Allow users to view detailed trace information of their application’s execution flow. Users should be able to filter traces based on specific timestamps or trace IDs. 2. **Manage Keys**: Provide functionalities to add, delete, and update API keys and other sensitive information securely. Implement role-based access control to ensure that only authorized users can modify keys. 3. **Export Data**: Enable users to export trace data into various formats such as CSV or JSON for further analysis or reporting purposes. 4. **Interactive Interface**: Design an intuitive and user-friendly command-line interface that guides users through each operation step-by-step. 5. **Documentation and Help**: Include comprehensive documentation and help options within the CLI to assist users in understanding how to use each feature effectively. The 'agentpassport-cli' package will be utilized primarily for interacting with the underlying services that manage trace data and keys. Your task is to integrate these functionalities seamlessly into 'AgentTraceExplorer', ensuring that all operations are performed efficiently and securely. Additionally, consider implementing unit tests to verify the correctness and reliability of your tool.