AI Analysis
Final verdict: SAFE
The package ai-recallworks v0.5.2 is considered safe based on the metadata risk score and the lack of other red flags.
- Author has only one package
- No other suspicious activities detected
Per-check LLM notes
- Metadata: The author has only one package, which may indicate a new or less active maintainer, but no other red flags are present.
Package Quality Overall: Medium (6.2/10)
✦ High
Test Suite
9.0
Test suite present — 15 test file(s) found
Test runner config found: conftest.py
15 test file(s) detected (e.g. conftest.py)
◈ Medium
Documentation
5.0
Some documentation present
Detailed PyPI description (15477 chars)
○ Low
Contributing Guide
2.0
No contributing guide or governance files found
No CONTRIBUTING, CODE_OF_CONDUCT, or governance files found
◈ Medium
Type Annotations
5.0
Partial type annotation coverage
114 type-annotated function signatures detected in source
✦ High
Multiple Contributors
10.0
Active multi-contributor project
5 unique contributor(s) across 36 commits in recallworks/recall
Active community — 5 or more distinct contributors
Heuristic Checks
Outbound Network Calls
score 3.0
Found 2 network call pattern(s)
se generous timeout. r = requests.post(f"{URL}/tool/{tool}", headers=H, json=payload, timeout=120)
Health print("server:", requests.get(f"{URL}/health", headers=H, timeout=10).json()) # 1.
Code Obfuscation
No obfuscation patterns detected
Shell / Subprocess Execution
score 6.0
Found 3 shell execution pattern(s)
s", repo_url) proc = subprocess.run( ["git", "pull", "--ff-only"], cwd
po_url, repo_dir) proc = subprocess.run( ["git", "clone", "--depth", "1", clone_url, str(
retry: proc = subprocess.run( ["git", "pull", "--ff-only"],
Credential Harvesting
score 10.0
Found 4 credential access pattern(s)
# Auth raw = os.environ.get("API_KEYS", "") api_key = os.environ.get("API_KEY", "")
KEYS", "") api_key = os.environ.get("API_KEY", "") if raw: try: p
l is zero-config. if not os.environ.get("API_KEY") and not os.environ.get("API_KEYS"): os.environ["
nviron.get("API_KEY") and not os.environ.get("API_KEYS"): os.environ["API_KEY"] = "stdio-local"
Typosquatting
No typosquatting candidates detected
Registered Email Domain
No author email provided
Suspicious Page Links
All external links appear legitimate
Git Repository History
Repository recallworks/recall appears legitimate
Maintainer History
score 2.0
1 maintainer concern(s) found
Author "ai-recallworks" appears to have only 1 package on PyPI (new or inactive account)
Known CVE Vulnerabilities
No known vulnerabilities found in OSV database.
AI App Starter Prompt
Use this prompt to build a project with ai-recallworks
Build a simple Python application using the ai-recallworks package to demonstrate its core features.