agenttap

v0.1.0 suspicious
5.0
Medium Risk

Wire-level prompt introspection for LLM SDK calls. See exactly what was sent, with credentials redacted by default. Anthropic, OpenAI, any httpx-based client.

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package has moderate network risk and high metadata risk due to unusual repository activity. While it does not exhibit signs of immediate harm, the irregularities warrant further scrutiny.

  • High metadata risk due to suspicious git repository activity and new maintainer history.
  • Moderate network risk as it integrates with external APIs.

Per-check LLM notes
  • Network: The package accepts custom HTTP clients and integrates with external APIs like Anthropic and OpenAI, which is common for API interaction but should be monitored for unexpected usage.
  • Shell: No shell execution patterns were detected.
  • Obfuscation: No obfuscation patterns detected, indicating low risk.
  • Credentials: No credential harvesting patterns detected, indicating low risk.
  • Metadata: High risk due to suspicious git repository activity and new maintainer history.

📦 Package Quality Overall: Low (4.6/10)

✦ High Test Suite 9.0

Test suite present — 1 test file(s) found

  • Test runner config found: pyproject.toml
  • 1 test file(s) detected (e.g. test_tap.py)

◈ Medium Documentation 5.0

Some documentation present

  • Detailed PyPI description (3081 chars)

○ Low Contributing Guide 2.0

No contributing guide or governance files found

  • No CONTRIBUTING, CODE_OF_CONDUCT, or governance files found

◈ Medium Type Annotations 5.0

Partial type annotation coverage

  • 17 type-annotated function signatures detected in source

○ Low Multiple Contributors 2.0

Single-author or unverifiable project

  • 1 unique contributor(s) across 3 commits in MukundaKatta/agenttap
  • Single author with few commits — possibly a personal or throwaway project

🔬 Heuristic Checks

Outbound Network Calls score 9.0

Found 6 network call pattern(s)

  • accept a custom `http_client=httpx.Client(...)` argument; pass one constructed with `Tap().transport()
  • thropic.Anthropic(http_client=httpx.Client(transport=t.transport())) client.messages.create(...
  • t = openai.OpenAI(http_client=httpx.Client(transport=t.transport())) """ def __init__(self, re
  • port(echo_handler) return httpx.Client(transport=tap.transport(parent=parent)) def test_records_r
  • ession() as sub: with httpx.Client( transport=sub.transport(parent=httpx.MockTransp
  • sport(handler) async with httpx.AsyncClient(transport=t.async_transport(parent=parent)) as client:

Code Obfuscation

No obfuscation patterns detected

Shell / Subprocess Execution

No shell execution patterns detected

Credential Harvesting

No credential harvesting patterns detected

Typosquatting

No typosquatting candidates detected

Registered Email Domain

No author email provided

Suspicious Page Links

All external links appear legitimate

Git Repository History score 7.5

Git history flags: Repository has zero stars and zero forks

  • Repository has zero stars and zero forks
  • Single contributor with only 3 commit(s) — possibly throwaway account
  • All 3 commits happened within 24 hours

Maintainer History score 4.0

2 maintainer concern(s) found

  • Only one version has ever been released — brand new package
  • Author "MukundaKatta" appears to have only 1 package on PyPI (new or inactive account)

Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with agenttap
Create a Python-based mini-application that serves as a user-friendly interface for monitoring and analyzing interactions between a user and an AI language model. This application will use the 'agenttap' package to provide wire-level prompt introspection for LLM SDK calls, allowing users to see exactly what prompts were sent to the AI model while automatically redacting sensitive information like API keys or personal data. The application should support at least two different AI models, such as Anthropic Claude and OpenAI's GPT series.

### Core Features:
1. **User Interface**: Develop a simple command-line interface (CLI) where users can input their queries and receive responses from the AI model.
2. **Prompt Logging**: Utilize 'agenttap' to log all the prompts sent to the AI model, including details about the request and response times.
3. **Credential Management**: Implement a secure way to manage API keys and other sensitive information, ensuring they are never exposed in logs or displayed output.
4. **Response Analysis**: Provide basic analysis of the responses, such as word count, sentiment score, and keyword extraction.
5. **Customizable Models**: Allow users to switch between supported AI models easily without needing to restart the application.
6. **Real-time Monitoring**: Display real-time insights into the interaction process, such as latency times and response status codes.

### How 'agenttap' is Used:
- Initialize 'agenttap' within your application to intercept and log all outgoing requests made by the LLM SDKs to the AI models.
- Use 'agenttap' to automatically redact any sensitive information from the logged prompts before storing them or displaying them to the user.
- Leverage 'agenttap' for troubleshooting by providing detailed insights into the exact prompts being sent and received during interactions with the AI models.