agentshim

v0.5.1 suspicious
7.0
High Risk

Provider-agnostic coding-agent CLI shims

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package has high credential risk due to potential access to sensitive files and significant shell execution risk which could indicate malicious behavior. While no direct malicious activity was confirmed, these factors raise substantial concerns.

  • High credential risk due to access to sensitive files
  • Significant shell execution risk
Per-check LLM notes
  • Network: No network calls detected.
  • Shell: Detected shell execution may indicate unexpected behavior; further investigation is needed to determine if it's benign or malicious.
  • Obfuscation: No obfuscation patterns detected in the provided code snippets.
  • Credentials: High risk of credential harvesting as there are references to sensitive files such as '/etc/passwd' and '~/.aws/credentials'.
  • Metadata: The package shows low maintenance and metadata quality, raising some suspicion but not definitive evidence of malice.

📦 Package Quality Overall: Low (4.4/10)

✦ High Test Suite 9.0

Test suite present — 21 test file(s) found

  • Test runner config found: conftest.py
  • Test runner config found: pyproject.toml
  • 21 test file(s) detected (e.g. test_agent_cli_claude.py)
◈ Medium Documentation 5.0

Some documentation present

  • Detailed PyPI description (10861 chars)
○ Low Contributing Guide 2.0

No contributing guide or governance files found

  • No CONTRIBUTING, CODE_OF_CONDUCT, or governance files found
◈ Medium Type Annotations 5.0

Partial type annotation coverage

  • 195 type-annotated function signatures detected in source
○ Low Multiple Contributors 1.0

Unable to verify contributor count: no GitHub repository found

  • No GitHub repository linked — contributor count unavailable

🔬 Heuristic Checks

Outbound Network Calls

No suspicious network call patterns found

Code Obfuscation

No obfuscation patterns detected

Shell / Subprocess Execution score 6.0

Found 3 shell execution pattern(s)

  • rocess group result = subprocess.run( ["/bin/bash", "-i", "-c", "env"], capture_outpu
  • e__).resolve() proc = subprocess.run( [sys.executable, str(hook_path), *roots],
  • ss, deadlocking the parent on subprocess.run().wait(). The probe must therefore always pass stdin=subproc
Credential Harvesting score 10.0

Found 4 credential access pattern(s)

  • "tool_input": {"file_path": "/etc/passwd"}}, [str(tmp_path)], ) assert r
  • n"] == "deny" assert "/etc/passwd" in hso["permissionDecisionReason"] def test_hook_hand
  • "], deny_read=["~/.aws/credentials"], ) payload = build_claude_sandbox_setting
  • /tmp/build"], "denyRead": ["~/.aws/credentials"]} def test_network_allowed_domains(self): cfg
Typosquatting

No typosquatting candidates detected

Registered Email Domain

No author email provided

Suspicious Page Links

All external links appear legitimate

Git Repository History

No GitHub repository linked

  • No GitHub repository link found
Maintainer History score 6.0

3 maintainer concern(s) found

  • Author name is missing or very short
  • Author "" appears to have only 1 package on PyPI (new or inactive account)
  • Package has no PyPI classifiers (low effort / metadata quality)
Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with agentshim 
Create a Python-based command-line utility named 'AgentRunner' that leverages the 'agentshim' package to manage and interact with various agent services in a provider-agnostic manner. Your task is to design a tool that simplifies the deployment, management, and interaction with different agent services across multiple cloud providers without needing to write provider-specific code.

The 'AgentRunner' utility should support the following functionalities:
1. List all available agent services across supported cloud providers.
2. Deploy a new agent service instance on any supported provider based on user input.
3. Retrieve the status of an existing agent service instance.
4. Execute commands or tasks on an agent service instance.
5. Terminate an agent service instance when it's no longer needed.

To accomplish these tasks, you will need to utilize the 'agentshim' package's core capabilities, which include abstracting away the differences between various cloud provider APIs, handling authentication securely, and providing a consistent interface for interacting with agent services. Ensure your application is modular and well-documented, making it easy for others to extend its functionality to support additional providers or agent types.

Your implementation should demonstrate best practices in Python development, including proper error handling, logging, and usage of the argparse library for command-line argument parsing.