agloom

v0.1.93 suspicious
6.0
Medium Risk

Production agent framework on LangChain/LangGraph: nine execution patterns, persistent memory, skills, feedback, multi-level HITL, MCP, AGP protocol, runtime bridge, and observability hooks.

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package exhibits significant obfuscation techniques and shell execution capabilities, raising concerns about its intended use and potential for abuse.

  • High obfuscation risk due to use of eval with restricted builtins.
  • Moderate shell risk from subprocess execution.

Per-check LLM notes
  • Network: The network calls indicate the package uses httpx for HTTP requests, which is common for packages that need to interact with web services.
  • Shell: Subprocess execution can be risky if not properly sanitized or controlled, as it might execute arbitrary commands. This suggests potential for misuse but doesn't necessarily indicate malicious intent.
  • Obfuscation: The use of eval with restricted builtins suggests an attempt to execute code in a restricted environment, which could be used for obfuscation or malicious purposes.
  • Credentials: No direct evidence of credential harvesting is present.

📦 Package Quality Overall: Medium (5.4/10)

◈ Medium Test Suite 6.0

Partial test coverage signals detected

  • Test runner config found: pyproject.toml

◈ Medium Documentation 7.0

Some documentation present

  • Documentation URL: "Documentation" -> https://agloom.readthedocs.io
  • Detailed PyPI description (6893 chars)

○ Low Contributing Guide 4.0

No contributing guide or governance files found

  • Development Status classifier >= Beta

◈ Medium Type Annotations 5.0

Partial type annotation coverage

  • 474 type-annotated function signatures detected in source

◈ Medium Multiple Contributors 5.0

Limited contributor diversity

  • 1 unique contributor(s) across 85 commits in HELLOMEDHIRA/agloom
  • Single author but highly active (85 commits)

🔬 Heuristic Checks

Outbound Network Calls score 4.5

Found 3 network call pattern(s)

  • " try: async with httpx.AsyncClient(timeout=30.0, follow_redirects=True) as client:
  • y: async with httpx.AsyncClient(timeout=30.0) as client: r = await clien
  • x self._client = httpx.AsyncClient( headers=self._headers, time

Code Obfuscation score 2.0

Found 1 obfuscation pattern(s)

  • " try: return str(eval(expr, {"__builtins__": {}}, {})) except Exception as exc

Shell / Subprocess Execution score 10.0

Found 6 shell execution pattern(s)

  • try: r = subprocess.run([cli, "--version"], capture_output=True, text=True, timeout=
  • try: r = subprocess.run([cli] + args, shell=False) except FileNotFoundError:
  • None try: proc = subprocess.run( # noqa: S603 [ rg,
  • try: proc = subprocess.run( # noqa: S603 argv, cwd=str
  • try: proc = subprocess.run( # noqa: S602 cmd, cwd=str(
  • try: proc = subprocess.Popen(cmd, **popen_kw) # noqa: S603 except OSError as exc

Credential Harvesting

No credential harvesting patterns detected

Typosquatting

No typosquatting candidates detected

Registered Email Domain

No author email provided

Suspicious Page Links

All external links appear legitimate

Git Repository History score 2.5

Git history flags: Repository has zero stars and zero forks

  • Repository has zero stars and zero forks

Maintainer History score 4.0

2 maintainer concern(s) found

  • Author name is missing or very short
  • Author "" appears to have only 1 package on PyPI (new or inactive account)

Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with agloom
Create a conversational agent named 'ConvoCraft' using the 'agloom' Python package, designed to assist users in crafting personalized recipes based on their dietary preferences and available ingredients. This mini-app will leverage the advanced features of 'agloom' such as persistent memory, skills, feedback loops, and multi-level Human-in-the-Loop (HITL) mechanisms to enhance user interaction and satisfaction.

Step-by-step guide:
1. **Setup**: Install the 'agloom' package and set up a basic agent framework.
2. **Skill Development**: Develop skills for the agent to understand user dietary preferences, recognize available ingredients, suggest recipes, and provide nutritional information.
3. **Persistent Memory**: Implement persistent memory so the agent can remember past conversations and preferences from the same user, enhancing personalization.
4. **Feedback Mechanism**: Integrate a feedback loop where users can rate the recipes suggested by the agent, allowing for continuous improvement.
5. **Multi-Level HITL**: Design a multi-level HITL system where human intervention can refine suggestions when the agent's initial output does not meet expectations.
6. **Observability**: Use observability hooks provided by 'agloom' to monitor and log interactions, enabling better analysis and future enhancements.
7. **User Interface**: Develop a simple command-line interface for users to interact with the agent.

Features:
- Dietary preference recognition (vegetarian, vegan, gluten-free, etc.)
- Ingredient availability check
- Recipe suggestion based on user input and past data
- Nutritional facts provision for each recipe
- User feedback collection and analysis
- Persistent memory to store user preferences and previous interactions
- Multi-level human intervention for refining suggestions
- Detailed logs and analytics through observability hooks