agentvend-service-sdk

v0.0.6 suspicious
4.0
Medium Risk

AgentVend SDK - verify HMAC, validate keys, report usage, progress, completion

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package shows some signs of potential misuse, particularly concerning obfuscation techniques and lack of metadata transparency. However, it does not exhibit definitive malicious behavior.

  • Obfuscation risk at 4/10 due to use of __import__ and obfuscation
  • Sparse metadata and lack of a GitHub repository

Per-check LLM notes

  • Network: The observed network patterns are typical for SDKs that interact with remote services, indicating normal API calls.
  • Shell: No shell execution patterns were detected, suggesting no immediate risk of local command execution.
  • Obfuscation: The use of __import__ and obfuscation of 'secret' is suspicious but could be used for legitimate purposes such as dynamic imports or protecting code from casual inspection.
  • Credentials: No clear evidence of credential harvesting detected.
  • Metadata: The package has no associated GitHub repository and the maintainer's information is sparse, raising some concerns.

📦 Package Quality Overall: Low (4.8/10)

✦ High Test Suite 9.0

Test suite present — 5 test file(s) found

  • Test runner config found: pyproject.toml
  • 5 test file(s) detected (e.g. test_agent_vend_client.py)

◈ Medium Documentation 7.0

Some documentation present

  • Documentation URL: "Documentation" -> https://agentvend.ai/docs
  • Detailed PyPI description (6275 chars)

○ Low Contributing Guide 2.0

No contributing guide or governance files found

  • No CONTRIBUTING, CODE_OF_CONDUCT, or governance files found

◈ Medium Type Annotations 5.0

Partial type annotation coverage

  • 54 type-annotated function signatures detected in source

○ Low Multiple Contributors 1.0

Unable to verify contributor count: no GitHub repository found

  • No GitHub repository linked — contributor count unavailable

🔬 Heuristic Checks

Outbound Network Calls score 9.0

Found 6 network call pattern(s)

  • units} sess = session or requests.Session() resp = sess.post( url, json=body,
  • atus") sess = session or requests.Session() resp = sess.get(url, headers={"Authorization": f"Bear
  • sult") sess = session or requests.Session() resp = sess.get(url, headers={"Authorization": f"Bear
  • /json" sess = session or requests.Session() try: resp = sess.request(m, url, data=payloa
  • ecret) sess = session or requests.Session() resp = sess.post( base_url, data=bo
  • refix) sess = session or requests.Session() resp = sess.post( url, data=body_st

Code Obfuscation score 2.0

Found 1 obfuscation pattern(s)

  • ecret) sess = session or __import__("requests").Session() resp = sess.post( base_url,

Shell / Subprocess Execution

No shell execution patterns detected

Credential Harvesting

No credential harvesting patterns detected

Typosquatting

No typosquatting candidates detected

Registered Email Domain

Email domain looks legitimate: agentvend.ai

Suspicious Page Links

All external links appear legitimate

Git Repository History

No GitHub repository linked

  • No GitHub repository link found

Maintainer History score 4.0

2 maintainer concern(s) found

  • Author name is missing or very short
  • Author "" appears to have only 1 package on PyPI (new or inactive account)

Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with agentvend-service-sdk:

Create a Python-based mini-application named 'AgentVendUsageTracker' which will utilize the 'agentvend-service-sdk' package to manage and track the usage of various services provided by AgentVend. This application will serve as a tool for developers to ensure they are compliant with AgentVend's service agreements by verifying HMAC signatures, validating API keys, reporting usage statistics, and tracking the progress and completion of tasks.

### Application Requirements:
1. **User Authentication:** Implement a simple user authentication mechanism using API keys. Users must provide their API key upon login, which will be validated using the 'agentvend-service-sdk'.
2. **Service Verification:** Once authenticated, users should be able to verify the integrity of incoming data by checking HMAC signatures on messages received from AgentVend services.
3. **Usage Reporting:** The app should allow users to manually input or automatically log their usage of different services. This data should then be reported back to AgentVend according to their guidelines.
4. **Progress Tracking:** Integrate functionality to track the progress of ongoing tasks. Users should be able to mark tasks as started, in-progress, or completed, and this information should be communicated to AgentVend.
5. **Completion Notification:** Upon task completion, the application should notify both the user and AgentVend about the successful completion of the task.
6. **Error Handling:** Implement robust error handling to manage invalid inputs, failed validations, and communication issues with AgentVend.
7. **User Interface:** Develop a simple command-line interface (CLI) for interacting with the application. Ensure the CLI provides clear feedback and instructions to the user.
8. **Documentation:** Provide comprehensive documentation explaining how to install and use the application, including examples of common use cases.

### Utilization of 'agentvend-service-sdk':
- Use the 'verify_hmac' function to check the integrity of incoming data.
- Employ the 'validate_key' method to authenticate users based on their API keys.
- Leverage the 'report_usage' feature to send usage logs to AgentVend.
- Utilize the 'progress_update' and 'completion_notification' functions to inform AgentVend about the status of tasks.

This project aims to streamline the interaction between developers and AgentVend services, ensuring compliance and efficient usage tracking.