agilab

v2026.6.4.2 suspicious
5.0
Medium Risk

AGILAB is a reproducible AI/ML workbench for engineering teams.

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package shows moderate overall risk, driven by high shell-execution risk: shell execution can be exploited for malicious activities. The other risks are low, and the metadata shows no immediate red flags.

  • High shell risk indicating potential for arbitrary command execution.
  • Package is new with limited maintainer history.

Per-check LLM notes

  • Network: Network calls seem to be used for standard operations like fetching metadata or downloading files from the internet.
  • Shell: Shell execution patterns could indicate potential risk as they may allow arbitrary command execution, which can be misused for malicious purposes.
  • Metadata: The package is new and maintained by a single author with limited history, but no immediate red flags are present.

📦 Package Quality Overall: Medium (6.4/10)

◈ Medium Test Suite 6.0

Partial test coverage signals detected

  • Test runner config found: pyproject.toml

◈ Medium Documentation 7.0

Some documentation present

  • Documentation URL: "Documentation" -> https://thalesgroup.github.io/agilab
  • Detailed PyPI description (31349 chars)

○ Low Contributing Guide 4.0

No contributing guide or governance files found

  • Development Status classifier >= Beta

◈ Medium Type Annotations 5.0

Partial type annotation coverage

  • 675 type-annotated function signatures detected in source

✦ High Multiple Contributors 10.0

Active multi-contributor project

  • 5 unique contributor(s) across 69 commits in ThalesGroup/agilab
  • Active community — 5 or more distinct contributors

🔬 Heuristic Checks

Outbound Network Calls score 7.5

Found 5 network call pattern(s)

  • > bool: try: with socket.create_connection((host, port), timeout=timeout): return True
  • opener: Callable[..., Any] = urllib.request.urlopen, timeout: float = PYPI_APP_METADATA_TIMEOUT_SECO
  • ONDS, ) -> Any: request = urllib.request.Request(url, headers={"Accept": "application/json", "User-Ag
  • return None request = urllib.request.Request(wheel_url, headers={"User-Agent": "agilab-pypi-app-p
  • opener: Callable[..., Any] = urllib.request.urlopen, inspect_wheel: bool = True, ) -> PypiAppMetadat

Code Obfuscation score 2.0

Found 1 obfuscation pattern(s)

  • .]: try: psutil = __import__("psutil") except Exception: return () try: ne

Shell / Subprocess Execution score 10.0

Found 6 shell execution pattern(s)

  • s.""" try: proc = subprocess.run( command, check=False, s
  • nd(): completed = subprocess.run({argv!r}, cwd={cwd!r}, check=False) if completed
  • letedProcess[str]: return subprocess.run( list(argv), text=True, capture_outp
  • letedProcess[str]: return subprocess.run(list(argv), **kwargs) def _local_ipv4_hosts(*, runner: Run
  • r_handle: completed = subprocess.run( command, cwd=repo_root,
  • try: completed = subprocess.run(command, cwd=run_root, text=True, capture_output=True, check

Credential Harvesting

No credential harvesting patterns detected

Typosquatting

No typosquatting candidates detected

Registered Email Domain

No author email provided

Suspicious Page Links

All external links appear legitimate

Git Repository History

Repository ThalesGroup/agilab appears legitimate

Maintainer History score 6.0

3 maintainer concern(s) found

  • Only one version has ever been released — brand new package
  • Package is very new: uploaded 2 day(s) ago
  • Author "Jean-Pierre Morard" appears to have only 1 package on PyPI (new or inactive account)

Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with agilab:

Create a mini-application called 'AgileAIWorkbench' using the Python package 'agilab'. This application should serve as a simplified version of a reproducible AI/ML workbench designed for small engineering teams. Your task is to develop an application that allows users to manage, execute, and track AI experiments in a reproducible manner.

### Key Features:
1. **Experiment Management**: Users should be able to define new experiments, including specifying datasets, models, and hyperparameters. Each experiment should be stored in a structured format within the application.
2. **Execution Interface**: Implement a simple interface where users can select and run their experiments. The application should support running multiple experiments concurrently and display real-time progress.
3. **Results Tracking**: After an experiment runs, store its results along with relevant metadata such as start time, end time, and any error messages. Allow users to view past experiment results and compare them side by side.
4. **Reproducibility**: Ensure that each experiment can be reproduced exactly, even if it was run months ago. Use 'agilab' to handle versioning of code, data, and environment configurations.
5. **Visualization**: Integrate basic visualization tools to help users understand the performance of their models over different experiments.

### Utilization of 'agilab':
- Use 'agilab' to create and manage environments where all dependencies and configurations are locked down for reproducibility.
- Leverage 'agilab' to document and save the exact state of every experiment, including input data, model architectures, and hyperparameters.
- Apply 'agilab' to streamline the execution process, making sure that each experiment runs in an isolated, controlled environment.
- Use 'agilab' to ensure that results are easily accessible and comparable, facilitating better decision-making processes within the team.