agentsdk-py

v0.2.0 suspicious
6.0
Medium Risk

A lightweight Python SDK for building AI agents with tools, memory, and multi-agent pipelines — powered by Groq

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package exhibits multiple signs of potential risk, including high shell execution risk and credential access risks, suggesting possible malicious intent or poor security practices.

  • High shell risk due to subprocess execution
  • Potential credential exposure through environment variable access

Per-check LLM notes
  • Network: The network calls could be legitimate if the package is designed to communicate with external services.
  • Shell: Executing arbitrary code via subprocess.run poses a significant risk and may indicate potential malicious behavior.
  • Obfuscation: The base64 decoding is a common technique and may be used for legitimate purposes such as data encryption or encoding.
  • Credentials: The code snippet suggests that the package accesses environment variables which might contain sensitive information like tokens, indicating potential risk for unauthorized access or misuse.
  • Metadata: The package has a missing or very short author name and the maintainer seems to be new or inactive, raising some suspicion.

📦 Package Quality Overall: Low (4.8/10)

✦ High Test Suite 9.0

Test suite present — 4 test file(s) found

  • Test runner config found: pyproject.toml
  • 4 test file(s) detected (e.g. test_integration.py)

◈ Medium Documentation 7.0

Some documentation present

  • Documentation URL: "Documentation" -> https://vishwa0198.github.io/agentsdk
  • Detailed PyPI description (3626 chars)

○ Low Contributing Guide 2.0

No contributing guide or governance files found

  • No CONTRIBUTING, CODE_OF_CONDUCT, or governance files found

◈ Medium Type Annotations 5.0

Partial type annotation coverage

  • 129 type-annotated function signatures detected in source

○ Low Multiple Contributors 1.0

Could not retrieve contributor data from GitHub

  • GitHub API error: 404

🔬 Heuristic Checks

Outbound Network Calls score 9.0

Found 6 network call pattern(s)

  • try: async with httpx.AsyncClient(timeout=10.0) as client: if method.upper() == "
  • lt branch.""" async with httpx.AsyncClient(timeout=10.0) as client: try: resp = a
  • r 'closed'" async with httpx.AsyncClient(timeout=10.0) as client: try: resp = a
  • N required" async with httpx.AsyncClient(timeout=10.0) as client: try: resp = a
  • epository.""" async with httpx.AsyncClient(timeout=10.0) as client: try: resp = a
  • try: async with httpx.AsyncClient( timeout=15.0, follow_redirects=Tr

Code Obfuscation score 2.0

Found 1 obfuscation pattern(s)

  • fore decoding. content = base64.b64decode(encoded.replace("\n", "")).decode(errors="replace") ret

Shell / Subprocess Execution score 2.0

Found 1 shell execution pattern(s)

  • ry: result = subprocess.run( [sys.executable, "-c", code],

Credential Harvesting score 5.0

Found 2 credential access pattern(s)

  • dict[str, str]: token = os.environ.get("GITHUB_TOKEN", "") headers: dict[str, str] = { "Accept": "
  • b repository.""" token = os.environ.get("GITHUB_TOKEN", "") if not token: return "Error: GITHUB_TOK

Typosquatting

No typosquatting candidates detected

Registered Email Domain

No author email provided

Suspicious Page Links

All external links appear legitimate

Git Repository History score 3.0

Repository not found (deleted or private)

Maintainer History score 4.0

2 maintainer concern(s) found

  • Author name is missing or very short
  • Author "" appears to have only 1 package on PyPI (new or inactive account)

Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with agentsdk-py

Develop a conversational AI agent using the 'agentsdk-py' package that can engage in meaningful conversations with users about local weather conditions. This application should include the following functionalities:

1. **User Interaction**: The AI agent should be able to start a conversation with the user by asking about their location and then proceed to discuss the current weather conditions.
2. **Weather Information Retrieval**: Utilize an external API (such as OpenWeatherMap) to fetch real-time weather data based on the user's provided location.
3. **Memory Functionality**: Implement a simple memory system where the AI can recall past interactions with the user, such as previously discussed locations or weather-related preferences.
4. **Multi-Agent Collaboration**: Integrate another AI agent that can provide additional information or context related to the weather, like historical data or climate change impacts.
5. **Tool Integration**: Allow the AI to use tools to enhance its responses, such as fetching images of the current weather conditions or summarizing recent weather news articles.
6. **Feedback Loop**: Enable users to give feedback on the accuracy and helpfulness of the weather information provided, which can be used to improve future interactions.

**How 'agentsdk-py' is Utilized**:
- Use 'agentsdk-py' to create the main AI agent responsible for handling user queries and managing the conversation flow.
- Leverage the SDK's memory capabilities to store and retrieve past interactions.
- Employ the multi-agent feature to integrate a second agent for providing supplementary information.
- Incorporate tools within the agents to fetch and utilize external resources like weather APIs and image retrieval services.
- Use the feedback mechanism provided by the SDK to gather user input and improve the AI's performance over time.

Your task is to design and implement this mini-app, ensuring it showcases the full range of 'agentsdk-py's features while delivering a practical and engaging user experience.