agentpress-static

v1.0.0 suspicious
5.0
Medium Risk

agents.txt for any repo. Tell autonomous AI agents what they're allowed to do, in 60 seconds.

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package shows moderate risk due to potential misuse of shell commands and a less active maintainer, raising concerns about its legitimacy and security.

  • Shell risk is high, indicating potential for unintended actions.
  • Low community engagement and a new maintainer suggest possible lack of oversight.

Per-check LLM notes
  • Network: The network call pattern suggests normal HTTP request behavior, possibly for fetching resources or updates.
  • Shell: The shell execution patterns indicate potential interaction with system tools like git and Python scripts, which could be used for legitimate purposes but also pose risks if misused for unintended actions.
  • Obfuscation: No obfuscation patterns detected, indicating low risk.
  • Credentials: No credential harvesting patterns detected, indicating low risk.
  • Metadata: The maintainer seems new or inactive, and the repository lacks community engagement.

📦 Package Quality Overall: Medium (5.4/10)

✦ High Test Suite 9.0

Test suite present — 38 test file(s) found

  • 38 test file(s) detected (e.g. test_adoption_fixpack.py)

◈ Medium Documentation 5.0

Some documentation present

  • Detailed PyPI description (3291 chars)

○ Low Contributing Guide 2.0

No contributing guide or governance files found

  • No CONTRIBUTING, CODE_OF_CONDUCT, or governance files found

◈ Medium Type Annotations 5.0

Partial type annotation coverage

  • 240 type-annotated function signatures detected in source

◈ Medium Multiple Contributors 6.0

Limited contributor diversity

  • 2 unique contributor(s) across 100 commits in barneywohl/agentpress
  • Two distinct contributors found

🔬 Heuristic Checks

Outbound Network Calls score 3.0

Found 2 network call pattern(s)

  • try: req = urllib.request.Request(url, headers={ 'User-Agent': 'AgentP
  • }) with urllib.request.urlopen(req, timeout=20) as resp: body = res

Code Obfuscation

No obfuscation patterns detected

Shell / Subprocess Execution score 10.0

Found 6 shell execution pattern(s)

  • pass try: res = subprocess.run( ["git", "config", "user.email"], cw
  • ound"} try: out = subprocess.run( [n, "--version"], capture_output=True, text=Tru
  • try: result = subprocess.run([sys.executable, str(_legacy_script()), "--help"])
  • e() try: result = subprocess.run([sys.executable, str(_legacy_script()), *argv]) retu
  • ime() try: proc = subprocess.run( spec.argv, cwd=str(cwd),
  • oin(str(c) for c in cmd)) subprocess.run(cmd, cwd=ROOT, check=True) def main() -> int: examples

Credential Harvesting

No credential harvesting patterns detected

Typosquatting

No typosquatting candidates detected

Registered Email Domain

No author email provided

Suspicious Page Links

All external links appear legitimate

Git Repository History score 2.5

Git history flags: Repository has zero stars and zero forks

  • Repository has zero stars and zero forks

Maintainer History score 2.0

1 maintainer concern(s) found

  • Author "Barney Wohl" appears to have only 1 package on PyPI (new or inactive account)

Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with agentpress-static

Create a mini-application named 'RepoGuardian' using the Python package 'agentpress-static'. This application will serve as a repository security tool, allowing users to define and manage permissions for autonomous AI agents within their GitHub repositories. The goal is to ensure that these AI agents operate within specified guidelines, enhancing both security and functionality of the repositories.

Step 1: Setup the Application
- Install 'agentpress-static' along with other necessary Python packages such as Flask for web serving.
- Create a simple Flask web interface where users can input details about their GitHub repositories and the actions their AI agents are permitted to perform.

Step 2: Define Permissions
- Utilize the 'agents.txt' file format provided by 'agentpress-static' to specify actions and permissions for each AI agent.
- Allow users to create, edit, and delete entries in the 'agents.txt' file through the web interface.

Step 3: Integration with GitHub
- Implement OAuth2 authentication to allow users to connect their GitHub accounts securely.
- Enable the application to automatically generate 'agents.txt' files for connected repositories based on user-defined rules.

Step 4: Monitoring and Alerts
- Add functionality to monitor repository activities by AI agents against the defined rules.
- Set up alert mechanisms via email or Slack notifications if any unauthorized actions are detected.

Suggested Features:
- User-friendly dashboard for managing multiple repositories and agents.
- Detailed logs and audit trails for all actions performed by AI agents.
- Customizable alert thresholds and notification settings.
- Support for version control of 'agents.txt' files to track changes over time.