agentshive-sdk

v0.9.4 suspicious
6.0
Medium Risk

Connect your machine to AgentsHive — auto-detects CLI agents, runs as a background daemon

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package exhibits high shell risk due to the ability to execute arbitrary commands and Python code, which could lead to unauthorized access or code execution. However, it lacks obfuscation and does not appear to harvest credentials.

  • High shell risk (8/10)
  • Missing repository and maintainer details
Per-check LLM notes
  • Network: Network calls to external servers may be legitimate if the package is designed for API interactions, but should be verified against official documentation.
  • Shell: Execution of arbitrary commands and Python code can pose significant security risks, indicating potential for unauthorized system access or code execution.
  • Obfuscation: No obfuscation patterns detected, indicating low risk.
  • Credentials: No credential harvesting patterns detected, indicating low risk.
  • Metadata: The repository not being found and the maintainer's author name being missing or very short raises some concerns, but there's no clear evidence of malice.

📦 Package Quality Overall: Low (4.4/10)

✦ High Test Suite 9.0

Test suite present — 26 test file(s) found

  • Test runner config found: pyproject.toml
  • 26 test file(s) detected (e.g. test_api.py)
◈ Medium Documentation 5.0

Some documentation present

  • Detailed PyPI description (9916 chars)
○ Low Contributing Guide 2.0

No contributing guide or governance files found

  • No CONTRIBUTING, CODE_OF_CONDUCT, or governance files found
◈ Medium Type Annotations 5.0

Partial type annotation coverage

  • 175 type-annotated function signatures detected in source
○ Low Multiple Contributors 1.0

Could not retrieve contributor data from GitHub

  • GitHub API error: 404

🔬 Heuristic Checks

Outbound Network Calls score 3.0

Found 2 network call pattern(s)

  • aders) self._client = httpx.AsyncClient( base_url=self._base, headers=self._headers, tim
  • onfig) resp = httpx.get( config.server_url,
Code Obfuscation

No obfuscation patterns detected

Shell / Subprocess Execution score 4.0

Found 2 shell execution pattern(s)

  • OUP try: subprocess.Popen( cmd, stdin=subprocess.DEVNU
  • .sleep(0.5)" ) proc = subprocess.Popen( [sys.executable, "-c", code], stdin=subproc
Credential Harvesting

No credential harvesting patterns detected

Typosquatting

No typosquatting candidates detected

Registered Email Domain

Email domain looks legitimate: agenthive.ai>

Suspicious Page Links

All external links appear legitimate

Git Repository History score 3.0

Repository not found (deleted or private)

  • Repository not found (deleted or private)
Maintainer History score 4.0

2 maintainer concern(s) found

  • Author name is missing or very short
  • Author "" appears to have only 1 package on PyPI (new or inactive account)
Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with agentshive-sdk 
Create a Python-based monitoring tool named 'AgentWatch' using the 'agentshive-sdk' package. This tool will serve as a comprehensive interface to monitor and manage CLI agents running on a local machine or network. The application should be able to perform the following tasks:

1. **Initialization**: On startup, the application should initialize the 'agentshive-sdk' connection to automatically detect all available CLI agents.
2. **Agent Discovery**: Once connected, the tool should display a list of all detected agents, including their status (online/offline), type, and last activity timestamp.
3. **Real-Time Monitoring**: Implement real-time monitoring where any change in the agent's status (e.g., going offline or coming back online) triggers an update in the displayed information.
4. **Command Execution**: Allow users to send commands to specific agents via the GUI interface. Ensure that commands are executed only if the target agent is online.
5. **Custom Notifications**: Integrate custom notification features where users can set up alerts for specific events such as when an agent goes offline or when certain commands fail.
6. **Logging & Reporting**: Maintain a log of all interactions with the agents, including command execution details and status changes. Provide a report generation feature that compiles these logs into a readable format.
7. **Background Daemon Operation**: Utilize the 'agentshive-sdk' package's ability to run as a background daemon. Ensure that AgentWatch continues to function even when the main application window is closed or the user switches to another task.

The 'agentshive-sdk' package should be utilized primarily for initializing the connection to the agents, detecting them, and handling real-time updates. Additionally, explore how the package's background daemon functionality can be leveraged to ensure continuous monitoring without requiring constant user interaction.