agentrules

v4.2.0 safe
3.0
Low Risk

AGENTS.md/CLAUDE.md generator and ExecPlan harness for coding agents

🤖 AI Analysis

Final verdict: SAFE

The package shows minimal risk with no network calls, no obfuscation, and no credential harvesting. The shell execution could be a concern, but it appears to be used for legitimate purposes like version checking.

  • Shell risk due to version checking
  • Low activity maintainer

Per-check LLM notes
  • Network: No network calls detected, which is normal unless the package requires external communications.
  • Shell: Executing shell commands to check versioning can be legitimate but should be scrutinized for unexpected behaviors or permissions escalation.
  • Obfuscation: No obfuscation patterns detected, indicating low risk of malicious obfuscation.
  • Credentials: No credential harvesting patterns detected, suggesting no immediate risk of secret theft.
  • Metadata: The maintainer has only one package, which might indicate a new or less active account, raising some suspicion but not conclusive evidence of malice.

📦 Package Quality Overall: Low (3.2/10)

○ Low Test Suite 1.0

No test suite detected

  • No test files or test-runner configuration detected

◈ Medium Documentation 5.0

Some documentation present

  • Detailed PyPI description (23583 chars)

○ Low Contributing Guide 2.0

No contributing guide or governance files found

  • No CONTRIBUTING, CODE_OF_CONDUCT, or governance files found

◈ Medium Type Annotations 7.0

Partial type annotation coverage

  • Type checker (mypy / pyright / pytype) referenced in project
  • 225 type-annotated function signatures detected in source

○ Low Multiple Contributors 1.0

Unable to verify contributor count: no GitHub repository found

  • No GitHub repository linked — contributor count unavailable

🔬 Heuristic Checks

Outbound Network Calls

No suspicious network call patterns found

Code Obfuscation

No obfuscation patterns detected

Shell / Subprocess Execution score 2.0

Found 1 shell execution pattern(s)

  • try: completed = subprocess.run( [executable_path, "--version"],

Credential Harvesting

No credential harvesting patterns detected

Typosquatting

No typosquatting candidates detected

Registered Email Domain

No author email provided

Suspicious Page Links

All external links appear legitimate

Git Repository History

No GitHub repository linked

  • No GitHub repository link found

Maintainer History score 2.0

1 maintainer concern(s) found

  • Author "trevor-nichols" appears to have only 1 package on PyPI (new or inactive account)

Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.
