agentspan

v0.1.10 suspicious
7.0
High Risk

Agentspan SDK — durable, scalable, observable AI agents

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package exhibits significant risks due to its ability to make network calls and execute shell commands, which could be exploited for malicious purposes. However, there is no direct evidence of malicious intent.

  • High network risk
  • High shell risk
Per-check LLM notes
  • Network: The presence of network calls suggests the package may communicate with external endpoints, potentially for data exchange.
  • Shell: Direct execution of system commands and use of shell=True indicate high risk as it can lead to arbitrary code execution.
  • Obfuscation: The use of cloudpickle and base64 for decoding payloads suggests potential obfuscation or code execution risks.
  • Credentials: No clear patterns indicating credential harvesting were found.
  • Metadata: The package has some red flags, such as an author with no name and a new or inactive account, but there are no clear signs of typosquatting or malicious intent.

📦 Package Quality Overall: Low (3.8/10)

◈ Medium Test Suite 6.0

Partial test coverage signals detected

  • Test runner config found: pyproject.toml
◈ Medium Documentation 5.0

Some documentation present

  • Detailed PyPI description (26002 chars)
○ Low Contributing Guide 2.0

No contributing guide or governance files found

  • No CONTRIBUTING, CODE_OF_CONDUCT, or governance files found
◈ Medium Type Annotations 5.0

Partial type annotation coverage

  • 401 type-annotated function signatures detected in source
○ Low Multiple Contributors 1.0

Unable to verify contributor count: no GitHub repository found

  • No GitHub repository linked — contributor count unavailable

🔬 Heuristic Checks

Outbound Network Calls score 9.0

Found 6 network call pattern(s)

  • ncode("utf-8") req = urllib.request.Request(self.endpoint, data=payload, headers=headers, method
  • try: with urllib.request.urlopen(req, timeout=self.timeout + 5) as resp:
  • on stderr.""" response = urllib.request.urlopen(url) total = int(response.headers.get("Content-L
  • t"] = auth_secret requests.post(url, json=event, headers=headers, timeout=5) except
  • ta, } requests.post(url, json=body, headers=headers, timeout=5) except E
  • rkflow_task_id resp = requests.post(url, json=body, headers=headers, timeout=5) if resp.
Code Obfuscation score 6.0

Found 3 obfuscation pattern(s)

  • cloudpickle, base64 payload = base64.b64decode(sys.stdin.buffer.read()) env, fn, args, kwargs = cloudpickle
  • put") result_bytes = base64.b64decode(stdout) status, value = cloudpickle.loads(result_byt
  • } try: return eval(annotation, ns) # noqa: S307 except Exception:
Shell / Subprocess Execution score 10.0

Found 6 shell execution pattern(s)

  • [\"'](\S+?)[\"']"), # os.system("cmd ...") / os.popen("cmd ...") re.compile(r"os\.(?
  • # os.system("cmd ...") / os.popen("cmd ...") re.compile(r"os\.(?:system|popen)\(\s*[\"
  • ) result = subprocess.run( cmd_str, shell=True
  • lse: result = subprocess.run( [command] + [str(a) for a in args],
  • PYTHON_PATTERNS = [ # subprocess.run(["cmd", ...]) / subprocess.call(["cmd", ...]) etc. r
  • ubprocess.run(["cmd", ...]) / subprocess.call(["cmd", ...]) etc. re.compile(r"subprocess\.\w+\(\s*
Credential Harvesting

No credential harvesting patterns detected

Typosquatting

No typosquatting candidates detected

Registered Email Domain

No author email provided

Suspicious Page Links

All external links appear legitimate

Git Repository History

No GitHub repository linked

  • No GitHub repository link found
Maintainer History score 4.0

2 maintainer concern(s) found

  • Author name is missing or very short
  • Author "" appears to have only 1 package on PyPI (new or inactive account)
Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with agentspan 
Create a fully-functional mini-application that leverages the 'agentspan' package to manage and orchestrate a fleet of AI agents for processing large datasets in real-time. Your application should demonstrate the following functionalities:

1. **Agent Deployment**: Automatically deploy AI agents based on the incoming dataset size and complexity.
2. **Scalability**: Show how your app dynamically scales the number of agents as the workload increases or decreases.
3. **Observability**: Implement logging and monitoring features to track the performance and health of each agent.
4. **Durable Processing**: Ensure that the system can resume processing from where it left off in case of failures.
5. **Real-Time Feedback**: Provide a dashboard or interface where users can monitor the progress and results of the processing tasks in real-time.
6. **Customizable Workflows**: Allow users to define different workflows for different types of data processing tasks.

Your task is to design and implement this application using Python and the 'agentspan' package. Start by setting up the environment and installing necessary packages. Then, create a basic structure for your application, including classes and functions that will interact with the 'agentspan' SDK. Next, implement the core functionalities listed above. Finally, write tests to ensure that each feature works as expected and document your code thoroughly. The goal is to showcase the capabilities of 'agentspan' while building a useful tool for managing AI-driven data processing tasks.