agents-md-sync

v1.0.1 suspicious
5.0
Medium Risk

Centralize global AI agent instructions into one AGENTS.md file.

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package has a moderate risk score due to potential shell command manipulation risks and the maintainer's lack of experience, which may indicate insufficient security practices.

  • Shell execution poses a risk if commands are manipulated.
  • Maintainer has only one package and lacks PyPI classifiers.
Per-check LLM notes
  • Network: No network calls detected.
  • Shell: Shell execution is primarily used for editing configuration files and git operations which seem benign, but could pose risks if commands are manipulated.
  • Metadata: The maintainer has only one package and lacks PyPI classifiers, suggesting low effort or inexperience.

📦 Package Quality Overall: Low (3.8/10)

◈ Medium Test Suite 6.0

Partial test coverage signals detected

  • Test runner config found: pyproject.toml
◈ Medium Documentation 5.0

Some documentation present

  • Detailed PyPI description (3728 chars)
○ Low Contributing Guide 2.0

No contributing guide or governance files found

  • No CONTRIBUTING, CODE_OF_CONDUCT, or governance files found
◈ Medium Type Annotations 5.0

Partial type annotation coverage

  • 42 type-annotated function signatures detected in source
○ Low Multiple Contributors 1.0

Unable to verify contributor count: no GitHub repository found

  • No GitHub repository linked — contributor count unavailable

🔬 Heuristic Checks

Outbound Network Calls

No suspicious network call patterns found

Code Obfuscation

No obfuscation patterns detected

Shell / Subprocess Execution score 10.0

Found 6 shell execution pattern(s)

  • `agents-md-sync edit`.") subprocess.run([editor, str(config.source)], check=False) """`agents-md-sy
  • ] try: result = subprocess.run(command, check=True, text=True, capture_output=True) exc
  • ) if not dry_run: subprocess.run(command, check=True) def _git_remote_url(repo_dest: Path)
  • ne: try: result = subprocess.run( ["git", "-C", str(repo_dest), "remote", "get-ur
  • if not dry_run: subprocess.run(command, check=True) def _status(repo_dest: Path) -> str:
  • t: Path) -> str: result = subprocess.run( ["git", "-C", str(repo_dest), "status", "--porcelai
Credential Harvesting

No credential harvesting patterns detected

Typosquatting

No typosquatting candidates detected

Registered Email Domain

Email domain looks legitimate: gmail.com>

Suspicious Page Links

All external links appear legitimate

Git Repository History

No GitHub repository linked

  • No GitHub repository link found
Maintainer History score 4.0

2 maintainer concern(s) found

  • Author "Leynier Gutiérrez González" appears to have only 1 package on PyPI (new or inactive account)
  • Package has no PyPI classifiers (low effort / metadata quality)
Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with agents-md-sync 
Create a mini-application called 'AgentCentral' that leverages the 'agents-md-sync' Python package to manage and synchronize AI agent instructions across multiple platforms. This application should serve as a central hub where users can add, edit, and delete instructions for their AI agents, all stored in a single AGENTS.md file. Here’s a detailed breakdown of the steps and features your application should include:

1. **Setup and Configuration**: Start by setting up a virtual environment and installing the 'agents-md-sync' package. Ensure the application has a configuration file where users can specify the path to their AGENTS.md file.

2. **User Interface**: Design a simple yet intuitive command-line interface (CLI) that allows users to interact with the AGENTS.md file. The CLI should have commands such as `add`, `edit`, `delete`, and `list` to manage instructions.

3. **Adding Instructions**: Implement a feature where users can add new instructions to the AGENTS.md file. These instructions should include details like the agent's name, purpose, and specific actions it needs to perform.

4. **Editing Instructions**: Allow users to edit existing instructions within the AGENTS.md file. This could involve updating the agent's name, purpose, or actions.

5. **Deleting Instructions**: Provide functionality to remove outdated or no longer needed instructions from the AGENTS.md file.

6. **Listing Instructions**: Enable users to view all current instructions stored in the AGENTS.md file through a listing command.

7. **Synchronization**: Utilize the 'agents-md-sync' package to ensure that any changes made to the AGENTS.md file are automatically synchronized across different environments or platforms where the same file might exist.

8. **Error Handling and Validation**: Implement error handling to catch and report any issues during file operations, such as invalid paths or syntax errors in the AGENTS.md file. Also, validate user inputs to prevent common mistakes like adding duplicate instructions.

9. **Documentation**: Write comprehensive documentation detailing how to install and use AgentCentral, including examples of how to manage AI agent instructions effectively.

By following these steps and incorporating these features, you will create a robust and user-friendly tool that simplifies the management of AI agent instructions using the 'agents-md-sync' package.