agex-cli

v0.29.1 suspicious
5.0
Medium Risk

Agent-operated developer-experience CLI — deterministic per-backend markdown briefings for autonomous agents.

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package shows moderate risk due to its high shell execution risk and custom redirect handler, which could be exploited for malicious purposes.

  • High shell risk due to execution of git commands without input sanitization.
  • Custom redirect handler indicating potential manipulation of network traffic.

Per-check LLM notes
  • Network: The use of custom redirect handler may indicate attempts to control network traffic flows, which could be used for bypassing security measures or redirecting traffic.
  • Shell: Execution of git commands suggests interaction with version control systems, but without proper sanitization of inputs, it poses a risk for potential command injection attacks.
  • Obfuscation: No obfuscation patterns detected, indicating low risk of malicious intent.
  • Credentials: No credential harvesting patterns detected, indicating safe handling of sensitive information.
  • Metadata: Low risk due to lack of suspicious flags, but author has only one package and no classifiers, indicating potential low activity or maintenance.

📦 Package Quality Overall: Medium (5.2/10)

✦ High Test Suite 9.0

Test suite present — 2 test file(s) found

  • Test runner config found: conftest.py
  • Test runner config found: pyproject.toml
  • 2 test file(s) detected (e.g. conftest.py)

◈ Medium Documentation 5.0

Some documentation present

  • Detailed PyPI description (1190 chars)

○ Low Contributing Guide 2.0

No contributing guide or governance files found

  • No CONTRIBUTING, CODE_OF_CONDUCT, or governance files found

◈ Medium Type Annotations 5.0

Partial type annotation coverage

  • 191 type-annotated function signatures detected in source

◈ Medium Multiple Contributors 5.0

Limited contributor diversity

  • 1 unique contributor(s) across 72 commits in agentculture/devex
  • Single author but highly active (72 commits)

🔬 Heuristic Checks

Outbound Network Calls score 4.5

Found 3 network call pattern(s)

  • d) class _NoRedirectHandler(urllib.request.HTTPRedirectHandler): """Refuse to follow redirects.
  • h our refusing one. _OPENER = urllib.request.build_opener(_NoRedirectHandler) def is_discord_url(url: s
  • encode("utf-8") req = urllib.request.Request( url, data=body,

Code Obfuscation

No obfuscation patterns detected

Shell / Subprocess Execution score 10.0

Found 6 shell execution pattern(s)

  • trusted input. proc = subprocess.Popen( # nosec B603 argv, cwd=str(cwd),
  • t. """ paths_staged = subprocess.run( ["git", "diff", "--staged", "--name-only"],
  • tlines() paths_unstaged = subprocess.run( ["git", "diff", "--name-only"], capture_out
  • s = last_read["ts"] out = subprocess.run( ["git", "log", f"--since={ts}", "--pretty=%H"],
  • ro exit. """ result = subprocess.run( # nosec B603 - args are constructed from typed callers
  • clearly. """ result = subprocess.run( # nosec B603 - fixed argv, no user input ["git", "

Credential Harvesting

No credential harvesting patterns detected

Typosquatting

No typosquatting candidates detected

Registered Email Domain

No author email provided

Suspicious Page Links

All external links appear legitimate

Git Repository History

Repository agentculture/devex appears legitimate

Maintainer History score 4.0

2 maintainer concern(s) found

  • Author "Ori Nachum" appears to have only 1 package on PyPI (new or inactive account)
  • Package has no PyPI classifiers (low effort / metadata quality)

Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with agex-cli

Create a command-line utility named 'AgentBrief' that leverages the 'agex-cli' package to generate and manage markdown briefings for various autonomous agents. This utility will serve as a tool for developers to interact with their agents in a structured way, ensuring that each agent receives clear, concise instructions and feedback tailored to its specific backend system.

### Project Goals:
1. **Setup**: Begin by installing the 'agex-cli' package and setting up a basic CLI interface using Python's argparse module.
2. **Briefing Generation**: Implement functionality within 'AgentBrief' to create markdown briefings based on user input. These briefings should include sections for task descriptions, expected outcomes, and any necessary context or parameters.
3. **Backend Integration**: Utilize 'agex-cli' to ensure that these briefings are deterministic and backend-specific, meaning that the same briefing could be interpreted differently depending on the backend environment of the target agent.
4. **Feedback Loop**: Incorporate a feature where users can provide feedback on the performance of the agent after it has completed tasks based on the briefings. This feedback should also be recorded in markdown format and linked back to the original briefing.
5. **Reporting**: Develop a reporting function that compiles all briefings and feedback into a comprehensive report. This report should summarize the effectiveness of the briefings and highlight any areas for improvement.
6. **User Interface Enhancements**: Improve the CLI interface to allow for easy navigation and management of briefings and feedback through commands like 'list', 'view', 'edit', and 'delete'.
7. **Documentation and Testing**: Finally, write detailed documentation for 'AgentBrief' and conduct thorough testing to ensure reliability and usability.

### Key Features:
- **Markdown Briefings**: Create and manage markdown files that contain structured information for autonomous agents.
- **Deterministic Backend Support**: Ensure that briefings are correctly formatted and interpreted according to the backend environment of the target agent.
- **Interactive Feedback**: Allow users to provide and view feedback on the performance of agents, linking back to specific briefings.
- **Comprehensive Reporting**: Compile and analyze data from briefings and feedback to generate actionable insights.
- **CLI Navigation**: Offer intuitive command options for managing briefings and feedback.

### Utilizing 'agex-cli':
- Use 'agex-cli' to handle the generation and interpretation of markdown briefings, leveraging its ability to create backend-specific content.
- Integrate 'agex-cli' commands into 'AgentBrief' to streamline the briefing process and ensure consistency across different backend systems.
- Explore additional functionalities provided by 'agex-cli' to enhance the capabilities of 'AgentBrief', such as advanced formatting options or integration with other tools.