agno-agent-builder

v0.1.9 · suspicious · 6.0 · Medium Risk

Parametrizable Agno-based agent runtime — FastAPI factory with pluggable agent sources, multi-tenant headers, and LISTEN/NOTIFY hot reload.

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package exhibits moderate risk due to network calls that require further investigation and suspicious metadata indicators. There's a potential concern about supply-chain attacks, but no concrete evidence of malicious intent.

  • Network calls are likely for legitimate API interactions but need verification.
  • Suspicious metadata and low maintainer activity raise concerns.

Per-check LLM notes

  • Network: Network calls are likely for legitimate purposes such as API interactions, but further investigation is needed to ensure no unauthorized data exfiltration.
  • Shell: No shell execution patterns detected, suggesting low risk of direct system command abuse.
  • Obfuscation: No obfuscation patterns detected, indicating low risk.
  • Credentials: No credential harvesting patterns detected, indicating low risk.
  • Metadata: Suspicious links and low maintainer activity suggest potential risk, but insufficient evidence for high confidence.

📦 Package Quality Overall: Medium (6.6/10)

✦ High Test Suite 9.0

Test suite present — 9 test file(s) found

  • Test runner config found: conftest.py
  • 9 test file(s) detected (e.g. conftest.py)

◈ Medium Documentation 5.0

Some documentation present

  • Detailed PyPI description (1885 chars)

○ Low Contributing Guide 4.0

No contributing guide or governance files found

  • Development Status classifier >= Beta

◈ Medium Type Annotations 7.0

Partial type annotation coverage

  • Classifier: Typing :: Typed
  • 117 type-annotated function signatures detected in source

✦ High Multiple Contributors 8.0

Active multi-contributor project

  • 4 unique contributor(s) across 100 commits in Zetesis-Labs/PayloadAgents
  • Small but multi-author team (3–4 contributors)

🔬 Heuristic Checks

Outbound Network Calls score 9.0

Found 6 network call pattern(s)

  • _username async with httpx.AsyncClient(timeout=10.0) as client: response = await client
  • internal/list" async with httpx.AsyncClient(timeout=timeout_s) as client: try: respo
  • ndMessage" async with httpx.AsyncClient(timeout=10.0) as client: try: aw
  • } async with httpx.AsyncClient(timeout=10.0) as client: try: aw
  • @original" async with httpx.AsyncClient(timeout=30.0) as client: try: if
  • @original" async with httpx.AsyncClient(timeout=10.0) as client: try: aw

Code Obfuscation

No obfuscation patterns detected

Shell / Subprocess Execution

No shell execution patterns detected

Credential Harvesting

No credential harvesting patterns detected

Typosquatting

No typosquatting candidates detected

Registered Email Domain

No author email provided

Suspicious Page Links score 4.0

Found 2 suspicious link(s) on the package page

  • Non-HTTPS external link: http://payload:3000
  • Non-HTTPS external link: http://mcp:3001/mcp

Git Repository History score 2.5

Git history flags: Repository has zero stars and zero forks

Maintainer History score 2.0

1 maintainer concern(s) found

  • Author "Zetesis Labs" appears to have only 1 package on PyPI (new or inactive account)

Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with agno-agent-builder

Create a real-time chat application using Python's 'agno-agent-builder' package that supports multiple tenants and allows for dynamic agent updates via LISTEN/NOTIFY commands. The application should allow users to sign in as part of different tenant groups, send messages within their own group, and have the ability for system administrators to update agent behavior without restarting the server.

Step 1: Set up the environment
- Install Python and necessary libraries including 'agno-agent-builder'.
- Initialize a new Python project and configure a virtual environment.

Step 2: Design the Application Structure
- Define the database schema to store user information and messages.
- Implement a FastAPI backend using 'agno-agent-builder' to handle HTTP requests and WebSocket connections.
- Use LISTEN/NOTIFY commands for hot reloading of agent configurations.

Step 3: Implement Multi-Tenant Support
- Configure headers to identify which tenant a request belongs to.
- Ensure that each tenant's data is isolated from others.

Step 4: Develop User Authentication
- Create endpoints for user registration and login.
- Store user credentials securely using hashing.

Step 5: Build Chat Functionality
- Add functionality for users to send and receive messages within their tenant.
- Implement real-time messaging using WebSockets.

Step 6: Integrate Hot Reload Mechanism
- Set up the LISTEN/NOTIFY mechanism to listen for configuration changes.
- When a change is detected, dynamically update the agent's behavior without interrupting service.

Step 7: Testing and Deployment
- Thoroughly test all functionalities, especially focusing on multi-tenancy and real-time updates.
- Deploy the application on a cloud platform like AWS or Heroku.

Features:
- Multi-tenant chat rooms with secure isolation of data.
- Real-time message delivery using WebSockets.
- Dynamic agent updates for easy maintenance and scalability.
- User authentication and authorization.
- Hot reload of agent configurations for live updates.