agentvault-memory

v1.1.0 suspicious
7.0
High Risk

Unified memory layer that consolidates history from all your AI coding agents — searchable by humans (Obsidian) and by AI (MCP).

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package shows a high risk of credential harvesting and a suspicious non-HTTPS link, suggesting potential malicious intent or supply-chain attack.

  • High credential risk (8/10)
  • Suspicious metadata with non-HTTPS link
Per-check LLM notes
  • Network: No network calls detected, which is normal unless the package's functionality requires external communications.
  • Shell: No shell execution patterns detected, indicating no immediate risk from command execution.
  • Obfuscation: No signs of obfuscation techniques were detected.
  • Credentials: The observed patterns suggest potential attempts to access sensitive files, indicating a high risk of credential harvesting.
  • Metadata: Suspicious non-HTTPS link found, but no other red flags.

📦 Package Quality Overall: Medium (6.0/10)

✦ High Test Suite 9.0

Test suite present — 26 test file(s) found

  • 26 test file(s) detected (e.g. test_aider.py)
◈ Medium Documentation 7.0

Some documentation present

  • Documentation URL: "Documentation" -> https://github.com/sauravkalia/agentvault#readme
  • Detailed PyPI description (18036 chars)
○ Low Contributing Guide 4.0

No contributing guide or governance files found

  • Development Status classifier >= Beta
◈ Medium Type Annotations 5.0

Partial type annotation coverage

  • 171 type-annotated function signatures detected in source
◈ Medium Multiple Contributors 5.0

Limited contributor diversity

  • 1 unique contributor(s) across 40 commits in sauravkalia/agentvault
  • Single author but highly active (40 commits)

🔬 Heuristic Checks

Outbound Network Calls

No suspicious network call patterns found

Code Obfuscation

No obfuscation patterns detected

Shell / Subprocess Execution

No shell execution patterns detected

Credential Harvesting score 5.0

Found 2 credential access pattern(s)

  • = {"vault_dir": "/tmp/../../../etc/passwd"} defaults = get_default_config() result = _validate_co
  • sanitize_path_component("../../etc/passwd") assert "/" not in result assert "\\" not in resul
Typosquatting

No typosquatting candidates detected

Registered Email Domain

No author email provided

Suspicious Page Links score 2.0

Found 1 suspicious link(s) on the package page

  • Non-HTTPS external link: http://127.0.0.1:3777
Git Repository History

Repository sauravkalia/agentvault appears legitimate

Maintainer History score 2.0

1 maintainer concern(s) found

  • Author "Saurav Kalia" appears to have only 1 package on PyPI (new or inactive account)
Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with agentvault-memory 
Create a Python-based mini-application that integrates the 'agentvault-memory' package to manage and search through historical data from various AI coding agents. Your application should allow users to not only store but also retrieve and search through this historical data efficiently. Here are the key features you should include:

1. **Data Storage**: Implement functionality to store historical data from different AI coding agents into the unified memory layer provided by 'agentvault-memory'. This data could include snippets of code, comments, or any other relevant information.
2. **Search Functionality**: Enable both human-readable and machine-readable searches on the stored data. Users should be able to query the database using natural language queries (for human readability), while also allowing AI-driven queries to extract specific pieces of information.
3. **Integration with Obsidian**: Ensure that the application can integrate with Obsidian for human-readable searches, allowing users to view and interact with the stored data in a user-friendly manner.
4. **AI Query Interface**: Provide an interface where AI systems can query the database using structured queries or natural language processing (NLP) techniques to extract insights or specific pieces of information from the stored data.
5. **User Interface**: Develop a simple yet effective command-line interface (CLI) for interacting with the application. This CLI should support basic commands like adding new entries, searching for entries, and viewing entry details.
6. **Security Measures**: Incorporate basic security measures such as data encryption at rest and in transit to protect the integrity and confidentiality of the stored data.
7. **Documentation**: Write comprehensive documentation that explains how to use the application, including setup instructions, usage examples, and API documentation if applicable.

To utilize the 'agentvault-memory' package effectively, follow these steps:
- Install the package using pip or any other preferred method.
- Configure the package according to your needs, setting up necessary parameters like storage type, access permissions, etc.
- Utilize the package's APIs to interact with the memory layer, storing and retrieving data as needed.
- Leverage the package's search capabilities to implement powerful querying features within your application.

Your goal is to create a versatile tool that enhances productivity by providing easy access to historical data from multiple AI coding agents.