agentworks-cli

v0.6.0 suspicious
5.0
Medium Risk

CLI for orchestrating workspace lifecycle across multiple compute targets

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package shows some potential risks that require further investigation, particularly concerning its network and shell execution behaviors, which could indicate legitimate use but also pose significant security threats.

  • Network calls without clear documentation
  • Execution of shell commands, possibly with elevated privileges

Per-check LLM notes

  • Network: The network calls appear to be related to making HTTP requests, possibly for API interactions or updates, but lack of clear documentation may raise suspicion.
  • Shell: Execution of shell commands, especially with elevated privileges, could indicate legitimate functionality like running system checks or configuration changes, but also poses a risk if misused for unauthorized actions.
  • Obfuscation: No obfuscation patterns detected.
  • Credentials: The usage of getpass suggests the package is prompting for sensitive information securely, likely for authentication purposes.
  • Metadata: Low risk, but new maintainer and lack of PyPI classifiers suggest low effort or inactivity.

📦 Package Quality Overall: Medium (5.2/10)

◈ Medium Test Suite 6.0

Partial test coverage signals detected

  • Test runner config found: pyproject.toml

◈ Medium Documentation 5.0

Some documentation present

  • Detailed PyPI description (29008 chars)

○ Low Contributing Guide 2.0

No contributing guide or governance files found

  • No CONTRIBUTING, CODE_OF_CONDUCT, or governance files found

◈ Medium Type Annotations 5.0

Partial type annotation coverage

  • 650 type-annotated function signatures detected in source

✦ High Multiple Contributors 8.0

Active multi-contributor project

  • 4 unique contributor(s) across 100 commits in WayfarerLabs/agentworks
  • Small but multi-author team (3–4 contributors)

🔬 Heuristic Checks

Outbound Network Calls score 9.0

Found 6 network call pattern(s)

  • data).encode() req = urllib.request.Request(url, data=body, method=method) req.add_heade
  • try: with urllib.request.urlopen(req, context=self._ssl_ctx) as resp:
  • ass _StripAuthRedirectHandler(urllib.request.HTTPRedirectHandler): """Strip Authorization header when
  • t( self, req: urllib.request.Request, fp: object, code: int, msg:
  • newurl: str, ) -> urllib.request.Request | None: new_req = super().redirect_request(r
  • turn new_req _blob_opener = urllib.request.build_opener(_StripAuthRedirectHandler) def _wsl(args: lis

Code Obfuscation

No obfuscation patterns detected

Shell / Subprocess Execution score 10.0

Found 6 shell execution pattern(s)

  • g try: result = subprocess.run( ["tailscale", "status"], capture_ou
  • try: result = subprocess.run( args, capture_output=True,
  • gs.append(command) return subprocess.call(args) def run_as_root( target: SSHTarget | ExecTarget,
  • gs.append(dest) result = subprocess.run(args, capture_output=True, text=True, encoding="utf-8", erro
  • tr(local_path)) result = subprocess.run(args, capture_output=True, text=True, encoding="utf-8", erro
  • nd] try: result = subprocess.run( args, capture_output=True, text=True, encoding=

Credential Harvesting score 2.5

Found 1 credential access pattern(s)

  • True: value = getpass.getpass(f"{label}: ") if value.strip():

Typosquatting

No typosquatting candidates detected

Registered Email Domain

No author email provided

Suspicious Page Links

All external links appear legitimate

Git Repository History

Repository WayfarerLabs/agentworks appears legitimate

Maintainer History score 4.0

2 maintainer concern(s) found

  • Author "Scot Hastings (Wayfarer Labs)" appears to have only 1 package on PyPI (new or inactive account)
  • Package has no PyPI classifiers (low effort / metadata quality)

Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with agentworks-cli

Create a Python-based command-line tool named 'WorkspaceOrchestrator' that leverages the 'agentworks-cli' package to manage workspaces across different cloud providers such as AWS, GCP, and Azure. This tool should allow users to easily create, start, stop, and delete workspaces. Additionally, it should support the deployment of pre-defined scripts or applications to these workspaces, allowing for automated setup processes.

### Features:
1. **Workspace Management**: Users should be able to create new workspaces, start existing ones, stop them when not in use, and delete them once they're no longer needed.
2. **Multi-Cloud Support**: The tool must support at least three major cloud providers (AWS, GCP, Azure).
3. **Script Deployment**: Users should be able to specify a script or application to deploy to the workspace during creation or after starting it. This could include setting up a development environment, deploying a web application, or configuring a database server.
4. **Configuration Management**: Implement a simple configuration file system where users can store their API keys, preferred cloud provider settings, and other necessary configurations.
5. **Logging and Monitoring**: Integrate basic logging and monitoring capabilities so users can track the status of their workspaces and any errors that occur during operations.

### Utilization of 'agentworks-cli':
- Use 'agentworks-cli' to handle the orchestration of workspace lifecycle actions across different cloud providers. This includes invoking the appropriate commands to create, start, stop, and delete workspaces based on user input.
- Leverage 'agentworks-cli' to manage the deployment of scripts or applications to the workspaces, ensuring they run correctly on the target environment.
- Employ 'agentworks-cli' to facilitate seamless interactions between the local command-line interface and remote cloud environments, providing a consistent and efficient user experience.