agntcy-dir

v1.3.0 suspicious
6.0
Medium Risk

Directory SDK

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package exhibits significant shell risk due to the use of subprocess.run without proper validation, raising concerns about potential code execution vulnerabilities. While other risks are relatively low, the combination of signals suggests a need for caution.

  • High shell risk due to lack of input validation when using subprocess.run
  • Low effort in metadata management and no maintainer history
Per-check LLM notes
  • Network: The use of httpx.Client suggests legitimate network requests, but the absence of clear documentation or context increases some suspicion.
  • Shell: Executing arbitrary commands via subprocess.run without proper input validation or context is highly suspicious and could indicate potential for code execution vulnerabilities.
  • Obfuscation: No obfuscation patterns detected, indicating low risk.
  • Credentials: No credential harvesting patterns detected, indicating low risk.
  • Metadata: The package shows low effort in metadata management and lacks a maintainer history, raising some suspicion but not strong indicators of malice.

📦 Package Quality Overall: Low (4.4/10)

✦ High Test Suite 9.0

Test suite present — 2 test file(s) found

  • Test runner config found: pyproject.toml
  • 2 test file(s) detected (e.g. test_client.py)
◈ Medium Documentation 5.0

Some documentation present

  • Detailed PyPI description (9343 chars)
○ Low Contributing Guide 2.0

No contributing guide or governance files found

  • No CONTRIBUTING, CODE_OF_CONDUCT, or governance files found
◈ Medium Type Annotations 5.0

Partial type annotation coverage

  • 57 type-annotated function signatures detected in source
○ Low Multiple Contributors 1.0

Unable to verify contributor count: no GitHub repository found

  • No GitHub repository linked — contributor count unavailable

🔬 Heuristic Checks

Outbound Network Calls score 3.0

Found 2 network call pattern(s)

  • penid-configuration" with httpx.Client(verify=verify, timeout=timeout) as client: response
  • ) -> dict[str, Any]: with httpx.Client(verify=verify, timeout=timeout) as client: response
Code Obfuscation

No obfuscation patterns detected

Shell / Subprocess Execution score 10.0

Found 5 shell execution pattern(s)

  • h, ] subprocess.run( command, check=True,
  • ification command subprocess.run( command, check=True,
  • y, ] subprocess.run( command, check=True,
  • e signing command subprocess.run( command, check=True,
  • "generate-key-pair") subprocess.run(command, check=True, capture_output=True, env=shell_env)
Credential Harvesting

No credential harvesting patterns detected

Typosquatting

No typosquatting candidates detected

Registered Email Domain

No author email provided

Suspicious Page Links

All external links appear legitimate

Git Repository History

No GitHub repository linked

  • No GitHub repository link found
Maintainer History score 6.0

3 maintainer concern(s) found

  • Author name is missing or very short
  • Author "" appears to have only 1 package on PyPI (new or inactive account)
  • Package has no PyPI classifiers (low effort / metadata quality)
Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with agntcy-dir 
Your task is to develop a directory management tool called 'DirMaster' using the Python package 'agntcy-dir'. This tool will help users manage their directories more efficiently by providing a suite of operations such as creating, renaming, deleting, and listing directories. Additionally, it should support advanced features like moving directories between different paths, checking if a directory exists, and retrieving the size of directories. To make DirMaster user-friendly, implement a command-line interface (CLI) where users can interact with the tool through simple commands. For example, they should be able to create a new directory by typing 'dirmaster create <path>', rename a directory with 'dirmaster rename <old_path> <new_path>', and so on. Ensure that the CLI provides clear feedback to the user after each operation. As part of your implementation, use the 'agntcy-dir' package to handle all directory operations, leveraging its core functionalities to ensure reliability and efficiency. Your goal is to create a fully-functional mini-app that demonstrates the power and versatility of 'agntcy-dir', making directory management easier and more accessible for everyday users.