agpack

v0.4.2 suspicious
7.0
High Risk

Fetch and deploy AI agent resources from git repos to local tool directories

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package agpack v0.4.2 has significant metadata risks due to sparse maintainer information and missing repository details. Additionally, it appears to be a typosquatting attempt targeting 'msgpack', which raises suspicion.

  • metadata risk due to sparse maintainer information
  • typosquatting attempt targeting 'msgpack'

Per-check LLM notes
  • Network: No network calls detected.
  • Shell: Shell execution is used to run git commands, which might be part of version control operations but requires further investigation to ensure legitimacy.
  • Obfuscation: No obfuscation patterns detected, indicating low risk of malicious intent.
  • Credentials: No credential harvesting patterns detected, indicating safe handling of secrets and credentials.
  • Metadata: The repository is not found and the maintainer's information is sparse, raising concerns about the package's legitimacy.
  • Typosquatting target: msgpack

📦 Package Quality Overall: Low (4.8/10)

✦ High Test Suite 9.0

Test suite present — 11 test file(s) found

  • Test runner config found: pyproject.toml
  • 11 test file(s) detected (e.g. test_builtin_targets.py)

◈ Medium Documentation 5.0

Some documentation present

  • Detailed PyPI description (19824 chars)

○ Low Contributing Guide 2.0

No contributing guide or governance files found

  • No CONTRIBUTING, CODE_OF_CONDUCT, or governance files found

◈ Medium Type Annotations 7.0

Partial type annotation coverage

  • Type checker (mypy / pyright / pytype) referenced in project
  • 336 type-annotated function signatures detected in source

○ Low Multiple Contributors 1.0

Could not retrieve contributor data from GitHub

  • GitHub API error: 404

🔬 Heuristic Checks

Outbound Network Calls

No suspicious network call patterns found

Code Obfuscation

No obfuscation patterns detected

Shell / Subprocess Execution score 6.0

Found 3 shell execution pattern(s)

  • 0"} try: result = subprocess.run( ["git", *args], cwd=cwd,
  • Path) -> None: # Mock subprocess.run (not _run_git) so the redaction inside _run_git actually fire
  • a directory.""" result = subprocess.run( ["git", *args], cwd=cwd, capture_ou

Credential Harvesting

No credential harvesting patterns detected

Typosquatting score 3.0

Possible typosquat of: msgpack

  • "agpack" is 2 edit(s) from "msgpack"

Registered Email Domain

Email domain looks legitimate: thumfart.eu

Suspicious Page Links

All external links appear legitimate

Git Repository History score 3.0

Repository not found (deleted or private)

  • Repository not found (deleted or private)

Maintainer History score 4.0

2 maintainer concern(s) found

  • Author name is missing or very short
  • Author "" appears to have only 1 package on PyPI (new or inactive account)

Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with agpack
Create a mini-application called 'AgentHub' using the Python package 'agpack'. AgentHub will serve as a command-line interface (CLI) tool for developers to easily fetch, manage, and deploy AI agents from various Git repositories directly to their local development environment. The app should be user-friendly and allow users to search for agents by name, author, or tags, and then download and install them into their preferred directory. Additionally, it should provide functionality to update installed agents and remove them if no longer needed. Here are the key steps and features for building this application:

1. **Setup**: Begin by installing the necessary packages including 'agpack', 'click' for CLI functionality, and 'requests' for handling HTTP requests.
2. **Search Functionality**: Implement a search feature that allows users to query available AI agents by name, author, or tags. Use 'agpack' to fetch the list of available agents from a predefined set of Git repositories.
3. **Installation**: After searching, users should be able to select one or more agents to install locally. Use 'agpack' to clone the selected repositories and deploy the agents into a specified directory on the user's machine.
4. **Update Management**: Provide an option for users to update installed agents to their latest versions. This involves fetching updates from the Git repositories and applying them to the local installations.
5. **Uninstallation**: Allow users to uninstall agents they no longer need. This involves removing the agent's files from the local directory.
6. **Configuration Options**: Include configuration options such as setting the default installation directory and specifying which Git repositories to include in searches.
7. **Logging and Feedback**: Ensure that the application provides clear logging and feedback during all operations, indicating success or failure at each step.
8. **Testing**: Thoroughly test the application with different scenarios to ensure reliability and usability.

By utilizing 'agpack', you'll streamline the process of managing AI agents, making it easier for developers to integrate and experiment with new tools in their projects.