agentprop

v0.1.0a3 suspicious
7.0
High Risk

Graph control for AI-agent workflows.

πŸ€– AI Analysis

Final verdict: SUSPICIOUS

The package exhibits several high-risk behaviors including potential unauthorized data transfer, capability to run arbitrary code, obfuscated code, and attempts to access sensitive environment variables. These factors, combined with the lack of community engagement and limited maintainer history, suggest a non-trivial risk level.

  • high network risk
  • shell execution risk
  • obfuscation
  • credential harvesting potential
Per-check LLM notes
  • Network: The package makes external network calls which could potentially be used for unauthorized data transfer or command execution.
  • Shell: Multiple attempts to execute shell commands suggest the package may have capabilities for running arbitrary code, posing a significant risk.
  • Obfuscation: The obfuscated code suggests an attempt to hide the model evaluation and inference logic, which could be indicative of malicious intent.
  • Credentials: The code checks for environment variables that typically contain sensitive information, indicating a potential risk for credential harvesting.
  • Metadata: The repository is new with no activity metrics, and the maintainer has only one package on PyPI, raising some suspicion.

πŸ“¦ Package Quality Overall: Medium (5.6/10)

β—ˆ Medium Test Suite 6.0

Partial test coverage signals detected

  • Test runner config found: pyproject.toml
β—ˆ Medium Documentation 7.0

Some documentation present

  • Documentation URL: "Documentation" -> https://github.com/aryan5v/AgentProp#readme
  • Detailed PyPI description (11563 chars)
β—‹ Low Contributing Guide 2.0

No contributing guide or governance files found

  • No CONTRIBUTING, CODE_OF_CONDUCT, or governance files found
β—ˆ Medium Type Annotations 7.0

Partial type annotation coverage

  • Type checker (mypy / pyright / pytype) referenced in project
  • 510 type-annotated function signatures detected in source
β—ˆ Medium Multiple Contributors 6.0

Limited contributor diversity

  • 2 unique contributor(s) across 92 commits in aryan5v/AgentProp
  • Two distinct contributors found

πŸ”¬ Heuristic Checks

⚠ Outbound Network Calls score 3.0

Found 2 network call pattern(s)

  • max_tokens request = urllib.request.Request( f"{self.base_url}/chat/completions",
  • try: with urllib.request.urlopen(request, timeout=self.timeout_s) as response:
⚠ Code Obfuscation score 4.0

Found 2 obfuscation pattern(s)

  • ature_dim) self.model.eval() with self.torch.no_grad(): logits = se
  • Model:** `{model}` **Date:** {__import__('datetime').date.today()} **Tasks:** {n} multi-hop QA questions (`bench
⚠ Shell / Subprocess Execution score 10.0

Found 5 shell execution pattern(s)

  • try: proc = subprocess.run( [sys.executable, str(tmp_path)],
  • try: completed = subprocess.run( command, cwd=resolved_cwd,
  • try: completed = subprocess.run( [sys.executable, "-I", str(script)],
  • try: process = subprocess.Popen( list(command), cwd=str(cwd)
  • env=run_env, shell=True, check=False, capture_output=True,
⚠ Credential Harvesting score 2.5

Found 1 credential access pattern(s)

  • iron.get("GEMINI_API_KEY") or os.environ.get("TOKEN_ROUTER_API_KEY") if not api_key: sys.ex
βœ“ Typosquatting

No typosquatting candidates detected

βœ“ Registered Email Domain

No author email provided

βœ“ Suspicious Page Links

All external links appear legitimate

⚠ Git Repository History score 5.0

Git history flags: Repository created very recently: 6 day(s) ago (2026-05-31T17:25:06Z)

  • Repository created very recently: 6 day(s) ago (2026-05-31T17:25:06Z)
  • Repository has zero stars and zero forks
⚠ Maintainer History score 2.0

1 maintainer concern(s) found

  • Author "AgentProp contributors" appears to have only 1 package on PyPI (new or inactive account)
βœ“ Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

πŸ’‘ AI App Starter Prompt

Use this prompt to build a project with agentprop 
Develop a mini-application named 'WorkflowDirector' using the Python package 'agentprop', which facilitates the management and visualization of complex AI-agent workflows. This application will serve as a powerful tool for developers and researchers to design, test, and optimize their agent-based systems visually. Here’s a step-by-step guide on how to build it:

1. **Setup**: Begin by installing the necessary packages including 'agentprop'. Ensure your environment is set up to support graphical interfaces for visualization.
2. **Design the Workflow Editor**: Create a user-friendly interface where users can drag-and-drop different AI agents onto a canvas. Each agent should have properties like name, type, and specific parameters.
3. **Define Interactions**: Implement functionality within 'agentprop' to define how these agents interact with each other. Users should be able to draw directed edges between agents to represent interactions or dependencies.
4. **Visualization**: Utilize 'agentprop' to dynamically visualize the workflow graph. As changes are made in the editor, the graph should update in real-time to reflect new connections and agent properties.
5. **Simulation Mode**: Add a feature to simulate the workflow. Users should be able to run the workflow through 'agentprop', observing how data flows between agents based on the defined interactions.
6. **Export/Import Workflows**: Enable users to save their workflow designs into files and load them back into the editor for further modifications.
7. **Advanced Features**: Consider adding advanced features such as conditional logic for agent interactions, support for multiple concurrent workflows, and integration with external data sources.
8. **Testing and Optimization**: Provide tools within 'WorkflowDirector' to help users test different scenarios and optimize their workflows for efficiency and performance.

This project leverages 'agentprop' for its core functionalities in managing and visualizing graph structures, making it an essential component in building a robust and intuitive workflow management tool.