ai-context-manager-mcp

v0.1.0 suspicious
5.0
Medium Risk

AI Context Manager MCP - Sync agent for AI assets (skills, prompts, specs, context)

πŸ€– AI Analysis

Final verdict: SUSPICIOUS

The package exhibits medium risk due to its potential for executing shell commands and making network requests, alongside metadata suggesting it may be newly created with limited maintainer history.

  • Shell risk of 7/10
  • Network risk of 3/10
  • Metadata risk of 6/10
Per-check LLM notes
  • Network: The use of AsyncClient suggests the package may be making network requests to an external service, which is not inherently malicious but should be reviewed for legitimacy.
  • Shell: The execution of shell commands can pose significant risks if misused, indicating potential for unauthorized actions or data exfiltration.
  • Obfuscation: No obfuscation patterns detected, indicating low risk.
  • Credentials: No credential harvesting patterns detected, indicating low risk.
  • Metadata: The package shows signs of being newly created with limited maintainer history and an incomplete author profile, raising concerns about its legitimacy.

πŸ“¦ Package Quality Overall: Medium (5.0/10)

✦ High Test Suite 9.0

Test suite present β€” 19 test file(s) found

  • Test runner config found: conftest.py
  • Test runner config found: conftest.py
  • Test runner config found: conftest.py
  • 19 test file(s) detected (e.g. conftest.py)
β—ˆ Medium Documentation 7.0

Some documentation present

  • Documentation URL: "Documentation" -> https://github.com/dannybombastic/mcp-standard-ai#readme
  • Detailed PyPI description (4986 chars)
β—‹ Low Contributing Guide 2.0

No contributing guide or governance files found

  • No CONTRIBUTING, CODE_OF_CONDUCT, or governance files found
β—ˆ Medium Type Annotations 5.0

Partial type annotation coverage

  • 158 type-annotated function signatures detected in source
β—‹ Low Multiple Contributors 2.0

Single-author or unverifiable project

  • 1 unique contributor(s) across 10 commits in dannybombastic/mcp-standard-ai
  • Single author with few commits β€” possibly a personal or throwaway project

πŸ”¬ Heuristic Checks

⚠ Outbound Network Calls score 1.5

Found 1 network call pattern(s)

  • x.AsyncClient: return httpx.AsyncClient( base_url=self.settings.base_url, he
βœ“ Code Obfuscation

No obfuscation patterns detected

⚠ Shell / Subprocess Execution score 2.0

Found 1 shell execution pattern(s)

  • ' '.join(cmd)}") result = subprocess.run(cmd, capture_output=True, text=True, check=check) if res
βœ“ Credential Harvesting

No credential harvesting patterns detected

βœ“ Typosquatting

No typosquatting candidates detected

βœ“ Registered Email Domain

Email domain looks legitimate: example.com>

βœ“ Suspicious Page Links

All external links appear legitimate

⚠ Git Repository History score 2.5

Git history flags: Repository has zero stars and zero forks

  • Repository has zero stars and zero forks
⚠ Maintainer History score 6.0

3 maintainer concern(s) found

  • Only one version has ever been released β€” brand new package
  • Author name is missing or very short
  • Author "" appears to have only 1 package on PyPI (new or inactive account)
βœ“ Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

πŸ’‘ AI App Starter Prompt

Use this prompt to build a project with ai-context-manager-mcp 
Create a mini-application named 'AIAssetSync' that leverages the 'ai-context-manager-mcp' package to synchronize AI assets across multiple platforms. This application will serve as a bridge between different AI environments, ensuring that skills, prompts, specifications, and context data are consistently updated and accessible. Here’s a detailed breakdown of the steps and features:

1. **Setup Environment**: Begin by setting up your development environment. Ensure you have Python installed along with the 'ai-context-manager-mcp' package. If it's not available via pip, include instructions on how to install it from source.

2. **Define Asset Types**: Enumerate the types of AI assets that 'AIAssetSync' will manage. These include skills, prompts, specifications, and context data. Each asset type should have a corresponding class or structure defined within the application.

3. **Connection Management**: Use 'ai-context-manager-mcp' to establish connections with various AI environments. Implement a connection manager that can handle multiple simultaneous connections and ensure secure, efficient data transfer.

4. **Synchronization Logic**: Develop synchronization logic that ensures all AI assets are kept up-to-date across all connected environments. This includes handling updates, deletions, and additions of assets.

5. **User Interface**: Create a simple user interface for managing these assets. Users should be able to add new assets, view existing ones, and perform actions like updating or deleting assets.

6. **Error Handling & Logging**: Implement robust error handling and logging mechanisms to track any issues during synchronization processes. This will help in troubleshooting and maintaining the stability of the application.

7. **Testing & Validation**: Conduct thorough testing to validate the functionality of 'AIAssetSync'. This should include unit tests for individual components, integration tests for the synchronization process, and performance tests to ensure efficiency.

8. **Documentation**: Provide comprehensive documentation detailing how to use 'AIAssetSync', including setup instructions, usage examples, and API references if applicable.

The goal of this project is to demonstrate how 'ai-context-manager-mcp' can be effectively utilized to maintain consistency and accessibility of AI assets across diverse environments, making it easier for developers and users to manage and utilize these resources.