agnomem

v0.2.4 suspicious
6.0
Medium Risk

Agent-agnostic memory layer — one memory store for every AI agent.

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package exhibits elevated risks due to its network and shell execution behaviors, suggesting potential misuse. However, the lack of obfuscation and credential risks, along with the absence of typosquatting, lowers the overall threat level.

  • High network and shell execution risks
  • Sparse maintainer information and missing repository

Per-check LLM notes

  • Network: The network calls indicate the package is communicating with an external server, which could be used for legitimate purposes like API interaction but also raises concerns about potential data exfiltration or command and control (C2) activities.
  • Shell: Executing shell commands can be part of package functionality, such as installing dependencies or managing processes, but the use of 'kill -9' and launchctl commands suggests aggressive process management that might indicate malicious intent.
  • Obfuscation: No obfuscation patterns detected, indicating low risk of malicious obfuscation.
  • Credentials: No credential harvesting patterns detected, indicating low risk of malicious credential theft.
  • Metadata: The package has no typosquatting, email domain, or suspicious page link flags, but the repository is not found and the maintainer's information is sparse, indicating potential unreliability.

📦 Package Quality Overall: Low (2.8/10)

○ Low Test Suite 1.0

No test suite detected

  • No test files or test-runner configuration detected

◈ Medium Documentation 5.0

Some documentation present

  • Detailed PyPI description (7725 chars)

○ Low Contributing Guide 2.0

No contributing guide or governance files found

  • No CONTRIBUTING, CODE_OF_CONDUCT, or governance files found

◈ Medium Type Annotations 5.0

Partial type annotation coverage

  • 43 type-annotated function signatures detected in source

○ Low Multiple Contributors 1.0

Could not retrieve contributor data from GitHub

  • GitHub API error: 404

🔬 Heuristic Checks

Outbound Network Calls score 9.0

Found 6 network call pattern(s)

  • server() try: r = requests.get( f"{_url()}/memory/search", params={
  • _require_server() r = requests.post( f"{_url()}/memory", json={"content": conten
  • _require_server() r = requests.get(f"{_url()}/memories", params={"user_id": user}, timeout=10)
  • _require_server() r = requests.delete(f"{_url()}/memory/{memory_id}", timeout=10) r.raise_for_
  • _require_server() r = requests.delete(f"{_url()}/memories", params={"user_id": user}, timeout=10)
  • rue ) r = requests.delete(f"{_url()}/memories", params={"user_id": user}, timeout=10)

Code Obfuscation

No obfuscation patterns detected

Shell / Subprocess Execution score 10.0

Found 6 shell execution pattern(s)

  • g mem0ai and chromadb …") subprocess.check_call( [sys.executable, "-m", "pip", "install", "mem0ai",
  • g process. lsof = subprocess.run( ["lsof", "-i", f"tcp:{port}", "-sTCP:LISTEN
  • ip().split(): subprocess.run(["kill", "-9", pid], capture_output=True) if ha
  • n't revive it subprocess.run([LAUNCHCTL, "unload", str(PLIST_FILE)],
  • (20): check = subprocess.run( ["lsof", "-i", f"tcp:{port}", "-sTCP:LI
  • has_service: subprocess.run([LAUNCHCTL, "load", str(PLIST_FILE)],

Credential Harvesting

No credential harvesting patterns detected

Typosquatting

No typosquatting candidates detected

Registered Email Domain

No author email provided

Suspicious Page Links

All external links appear legitimate

Git Repository History score 3.0

Repository not found (deleted or private)

  • Repository not found (deleted or private)

Maintainer History score 4.0

2 maintainer concern(s) found

  • Author name is missing or very short
  • Author "" appears to have only 1 package on PyPI (new or inactive account)

Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with agnomem:

Create a mini-application called 'AgentMemo' that allows users to manage memories for multiple AI agents in a structured and efficient manner using the 'agnomem' package. The application should enable users to add new memories, retrieve existing ones, update them, and delete them as needed. Each memory should be associated with a specific AI agent and can include details such as timestamp, content, and context.

Key Features:
1. User Interface: Develop a simple yet intuitive user interface where users can interact with the application easily. This could be a command-line interface (CLI) or a basic web-based interface depending on your preference.
2. Memory Management: Implement functionalities to add, retrieve, update, and delete memories. Memories should be stored in a way that they are easily accessible and searchable based on the agent they belong to.
3. Timestamps: Automatically assign timestamps to each memory entry to track when it was added or last updated.
4. Contextual Information: Allow users to add contextual information to each memory, such as the environment the agent was operating in or the task it was performing at the time of the memory creation.
5. Search Functionality: Provide a search feature that enables users to find specific memories based on keywords, timestamps, or the agent the memory is associated with.

How to Utilize 'agnomem':
- Use 'agnomem' to create a centralized memory store for each AI agent. This will help in managing the memories efficiently without worrying about the underlying storage mechanism.
- When adding a new memory, use 'agnomem' to ensure that the memory is correctly associated with the right agent and stored appropriately.
- For retrieving memories, utilize 'agnomem' to fetch memories based on the agent's identifier and any additional filters provided by the user.
- Update and delete operations should also leverage 'agnomem' to modify or remove memories from the correct agent's memory store.