agentra

v0.4.2, verdict: suspicious, risk score 6.0 (Medium Risk)

Enterprise AI Engineering Control Plane — secure, token-optimized, context-aware governance for coding agents.

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package shows moderate to high risk due to potential shell execution and code obfuscation techniques, which can be exploited for malicious activities. However, it lacks clear credential harvesting patterns and network calls.

  • High shell risk
  • Moderate obfuscation risk

Per-check LLM notes

  • Network: No network calls were detected, which is neutral.
  • Shell: Detection of shell execution patterns may indicate potential security risks such as executing arbitrary commands, which could be used for malicious purposes.
  • Obfuscation: The presence of eval(), exec(), and base64 suggests potential for code injection and obfuscation, indicating a moderate risk.
  • Credentials: No clear patterns for harvesting credentials were detected, suggesting low risk.
  • Metadata: The package has no associated GitHub repository and the maintainer's information is sparse, indicating potential unreliability.

📦 Package Quality Overall: Medium (5.2/10)

✦ Test Suite: High (9.0)

Test suite present — 14 test file(s) found

  • Test runner config found: pyproject.toml
  • 14 test file(s) detected (e.g. test_adapters.py)

◈ Documentation: Medium (5.0)

Some documentation present

  • Detailed PyPI description (26688 chars)

○ Contributing Guide: Low (4.0)

No contributing guide or governance files found

  • Development Status classifier >= Beta

◈ Type Annotations: Medium (7.0)

Partial type annotation coverage

  • Type checker (mypy / pyright / pytype) referenced in project
  • 300 type-annotated function signatures detected in source

○ Multiple Contributors: Low (1.0)

Unable to verify contributor count: no GitHub repository found

  • No GitHub repository linked — contributor count unavailable

🔬 Heuristic Checks

Outbound Network Calls

No suspicious network call patterns found

Code Obfuscation (score 10.0)

Found 5 obfuscation pattern(s)

  • shell"), (r"eval\s*\(", "eval() usage"), (r"exec\s*\(", "exec() usage"), (r"base64
  • iew them, then execute. Avoid eval() and exec().", # noqa: E501 compliance=[Compliance
  • test.mark.skipif( not __import__("importlib").util.find_spec("sklearn"), reason="scikit-learn not
  • n" # VULN-002 "obj = pickle.loads(user_data)\n" # VULN-008 "config = yaml.load(f)\n"
  • ust one line "x = pickle.loads(data)\n", encoding="utf-8", ) en

Note: the matched fragments are the package's own detection regexes, an advisory message, a pytest skip condition, and string fixtures written to test files; they are pattern definitions and test data rather than runtime eval(), exec(), or base64 decoding, so the score reflects scanner self-matches.

Shell / Subprocess Execution (score 10.0)

Found 5 shell execution pattern(s)

  • ") try: result = subprocess.run( # noqa: S603 command, shell=True,
  • try: result = subprocess.run( # noqa: S602 request.command,
  • -r", str(req)] proc = subprocess.run( # noqa: S603 cmd, capture_output=T
  • = [] try: proc = subprocess.run( # noqa: S603 ["npm", "audit", "--json"], # no
  • = [] try: proc = subprocess.run( # noqa: S603 ["cargo", "audit", "--json"], #

Note: the first two matches are the ones worth reviewing (subprocess.run with shell=True, and a command taken from a request object); the last two run npm audit and cargo audit with fixed argument lists.

Credential Harvesting

No credential harvesting patterns detected

Typosquatting

No typosquatting candidates detected

Registered Email Domain

Email domain looks legitimate: yahoo.com

Suspicious Page Links

All external links appear legitimate

Git Repository History

No GitHub repository linked

  • No GitHub repository link found

Maintainer History (score 4.0)

2 maintainer concern(s) found

  • Author name is missing or very short
  • Author "" appears to have only 1 package on PyPI (new or inactive account)

Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with agentra:

Your task is to develop a mini-application that leverages the 'agentra' package to manage and govern AI coding agents within an enterprise environment. This application will serve as a control plane, ensuring secure, optimized, and context-aware operations of these agents. Here are the steps and features you should implement:

1. **Project Setup**: Initialize a new Python project and install the 'agentra' package. Ensure all dependencies are properly managed.
2. **Agent Registration**: Create a feature where users can register their AI coding agents. Each registration should include details such as agent name, purpose, and the type of coding tasks it performs.
3. **Token Management**: Implement a secure token management system for each registered agent. Tokens should be optimized for performance and securely stored.
4. **Context Awareness**: Develop a module that allows agents to operate based on specific contexts. For example, if an agent is working on a security-sensitive project, it should have access to certain tokens but not others.
5. **Governance Dashboard**: Build a dashboard where administrators can monitor the activities of all registered agents. Include features like activity logs, performance metrics, and alerts for suspicious activities.
6. **Security Measures**: Integrate robust security measures to protect against unauthorized access and data breaches. This includes encryption, multi-factor authentication, and regular audits.
7. **User Interface**: Design a user-friendly interface for both administrators and end-users. Ensure the UI is intuitive and provides easy navigation.
8. **Documentation**: Provide comprehensive documentation for setting up the application, using its features, and troubleshooting common issues.

Utilize the 'agentra' package throughout your development process to ensure that your application adheres to best practices in AI engineering governance. Your final product should demonstrate a deep understanding of how 'agentra' enhances the functionality and security of AI coding agents.