agh

v0.2.1 suspicious
5.0
Medium Risk

Self-hosted guidance distribution for coding agents

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package shows signs of potential misuse through shell execution and metadata issues, though it does not exhibit clear malicious behavior. Further investigation is recommended.

  • Shell risk due to use of Git commands
  • Metadata risk due to non-HTTPS links and sparse author details

Per-check LLM notes

  • Network: The network patterns suggest the package may be interacting with an API using custom HTTP requests without redirections, which could be legitimate depending on its purpose.
  • Shell: The shell execution patterns indicate the package is using Git commands to interact with version control systems, which might be part of its functionality but also poses a risk if not properly sanitized or controlled.
  • Obfuscation: No obfuscation patterns detected, indicating low risk.
  • Credentials: No credential harvesting patterns detected, indicating low risk.
  • Metadata: The presence of non-HTTPS links and an author with minimal details suggests potential risks.

📦 Package Quality Overall: Medium (5.6/10)

✦ High Test Suite 9.0

Test suite present — 23 test file(s) found

  • Test runner config found: pyproject.toml
  • Test runner config found: conftest.py
  • 23 test file(s) detected (e.g. conftest.py)
◈ Medium Documentation 7.0

Some documentation present

  • Documentation URL: "Documentation" -> https://github.com/giulianotesta7/AgentGuidanceHub#readme
  • Detailed PyPI description (5052 chars)
○ Low Contributing Guide 2.0

No contributing guide or governance files found

  • No CONTRIBUTING, CODE_OF_CONDUCT, or governance files found
◈ Medium Type Annotations 5.0

Partial type annotation coverage

  • 519 type-annotated function signatures detected in source
◈ Medium Multiple Contributors 5.0

Limited contributor diversity

  • 1 unique contributor(s) across 92 commits in giulianotesta7/AgentGuidanceHub
  • Single author but highly active (92 commits)

🔬 Heuristic Checks

Outbound Network Calls score 9.0

Found 6 network call pattern(s)

  • er class _NoRedirectHandler(urllib.request.HTTPRedirectHandler): """Reject redirects so Bearer toke
  • None _NO_REDIRECT_OPENER = urllib.request.build_opener(_NoRedirectHandler) DEFAULT_CONFIG_PATH = Path
  • /api/v1/me.""" request = urllib.request.Request( f"{instance_url}/api/v1/me", header
  • s) class _NoRedirectHandler(urllib.request.HTTPRedirectHandler): """Reject redirects so Bearer toke
  • None _NO_REDIRECT_OPENER = urllib.request.build_opener(_NoRedirectHandler) app = typer.Typer( nam
  • lication/json" request = urllib.request.Request( f"{config.instance_url}/api/v1{path}",
Code Obfuscation

No obfuscation patterns detected

Shell / Subprocess Execution score 10.0

Found 6 shell execution pattern(s)

  • try: completed = subprocess.run( ["git", "rev-parse", "--is-inside-work-tree"],
  • try: completed = subprocess.run( ["git", "check-ignore", "-q", path],
  • try: completed = subprocess.run( ["git", "remote", "get-url", remote],
  • _git(repo: Path) -> None: subprocess.run( ["git", "init"], cwd=repo, check=True, capture_outp
  • ACKAGE"] = package return subprocess.run( ["sh", str(SCRIPT)], env=env, text=
  • V_LOG"] = str(log) return subprocess.run( ["sh"], cwd=cwd, input=SCRIPT.read_
Credential Harvesting

No credential harvesting patterns detected

Typosquatting score 3.0

Possible typosquat of: arq

  • "agh" is 2 edit(s) from "arq"
Registered Email Domain

No author email provided

Suspicious Page Links score 4.0

Found 2 suspicious link(s) on the package page

  • Non-HTTPS external link: http://127.0.0.1:8912/api/v1/health
  • Non-HTTPS external link: http://127.0.0.1:8912
Git Repository History

Repository giulianotesta7/AgentGuidanceHub appears legitimate

Maintainer History score 4.0

2 maintainer concern(s) found

  • Author name is missing or very short
  • Author "" appears to have only 1 package on PyPI (new or inactive account)
Known CVE Vulnerabilities

No known vulnerabilities found in OSV database

💡 AI App Starter Prompt

Use this prompt to build a project with agh

Develop a Python-based code guidance assistant named 'CodeNanny' that leverages the 'agh' package to provide self-hosted, personalized coding advice and recommendations. This application will serve as a tool for developers to improve their coding skills by receiving feedback on their code snippets. Here’s a detailed breakdown of the project requirements:

1. **Setup**: Install the 'agh' package in your Python environment. Ensure you have the necessary dependencies installed.
2. **User Interface**: Design a simple command-line interface (CLI) where users can input their code snippets and receive feedback. Optionally, explore integrating a basic web UI using Flask for a more interactive experience.
3. **Core Functionality**: Utilize 'agh' to analyze the provided code snippets. Implement functionality to suggest improvements based on best practices, performance optimizations, and adherence to coding standards.
4. **Customization Options**: Allow users to customize the types of feedback they receive. For example, they might want to focus only on performance tips or style guides.
5. **Integration with Version Control Systems**: If possible, integrate CodeNanny with common version control systems like Git to automatically review commit messages and code changes.
6. **Feedback Loop**: Implement a mechanism for users to rate the suggestions they receive from CodeNanny. Use this feedback to continuously improve the accuracy and relevance of the guidance provided.
7. **Documentation**: Write comprehensive documentation detailing how to use CodeNanny, including setup instructions, usage examples, and customization options.
8. **Testing**: Develop a suite of tests to ensure the application functions correctly under various scenarios. Pay special attention to edge cases involving complex code structures.

This project aims to demonstrate the capabilities of the 'agh' package while providing a practical tool for enhancing coding proficiency.