agentrix-relay

v0.2.1 suspicious
5.0
Medium Risk

WebSocket + REST relay for Agentrix. Routes IDE <-> mobile <-> core.

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package exhibits moderate risks due to network interactions and shell command execution, which could be legitimate but also indicative of potential unauthorized actions. Additionally, low metadata quality raises concerns about its legitimacy.

  • moderate network risk
  • shell command execution
  • low metadata quality
Per-check LLM notes
  • Network: The observed network calls could be legitimate if the package is designed to interact with external services, but they may also indicate unauthorized data transmission.
  • Shell: Executing shell commands like modifying git remote URLs might be part of a deployment process, but it can also signify attempts to alter repository configurations, potentially for malicious purposes.
  • Obfuscation: No obfuscation patterns detected.
  • Credentials: The code appears to be retrieving credentials for GitHub API access, which is common practice but should ensure proper handling and security measures.
  • Metadata: The package shows signs of low maintenance and potential lack of transparency, raising concerns about its legitimacy.

📦 Package Quality Overall: Low (3.8/10)

○ Low Test Suite 1.0

No test suite detected

  • No test files or test-runner configuration detected
◈ Medium Documentation 5.0

Some documentation present

  • Brief PyPI description (383 chars)
◈ Medium Contributing Guide 7.0

Some contribution signals present

  • Governance file: security.py
◈ Medium Type Annotations 5.0

Partial type annotation coverage

  • 119 type-annotated function signatures detected in source
○ Low Multiple Contributors 1.0

Unable to verify contributor count: no GitHub repository found

  • No GitHub repository linked — contributor count unavailable

🔬 Heuristic Checks

Outbound Network Calls score 9.0

Found 6 network call pattern(s)

  • try: with urllib.request.urlopen(endpoint, timeout=3.0) as resp: # noqa: S310 - user
  • ccess_tokens" async with httpx.AsyncClient() as client: res = await client.post(
  • er_page = 100 async with httpx.AsyncClient() as client: while True: res = await c
  • page = 1 async with httpx.AsyncClient() as client: while True: res = await c
  • configured") async with httpx.AsyncClient() as client: res = await client.post(
  • tch user info async with httpx.AsyncClient() as client: user_res = await client.get(
Code Obfuscation

No obfuscation patterns detected

Shell / Subprocess Execution score 6.0

Found 3 shell execution pattern(s)

  • one try: proc = subprocess.run( ["git", "remote", "get-url", "origin"],
  • import re proc = subprocess.run( ["git", "remote", "get-url", "origin"],
  • {repo_slug}.git" subprocess.run( ["git", "remote", "set-url", "origin", aut
Credential Harvesting score 5.0

Found 2 credential access pattern(s)

  • turn github_token return os.environ.get("GITHUB_TOKEN") or os.environ.get("GH_TOKEN") or "" """GitHub OAuth hel
  • token = github_token or os.environ.get("GITHUB_TOKEN", "") data_dir = Path(os.environ.get("AGENTRIX_DATA_DI
Typosquatting

No typosquatting candidates detected

Registered Email Domain

No author email provided

Suspicious Page Links

All external links appear legitimate

Git Repository History

No GitHub repository linked

  • No GitHub repository link found
Maintainer History score 8.0

4 maintainer concern(s) found

  • Only one version has ever been released — brand new package
  • Author name is missing or very short
  • Author "" appears to have only 1 package on PyPI (new or inactive account)
  • Package has no PyPI classifiers (low effort / metadata quality)
Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with agentrix-relay 
Build a simple Python application using the agentrix-relay package to demonstrate its core features.