aidd-kos

v0.2.1 suspicious
6.0
Medium Risk

Agentic Knowledge OS — LightRAG knowledge graph + MCP server for AI-driven development

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package exhibits potential risks due to its network calls and execution of external commands, combined with limited metadata and activity metrics.

  • Network calls that could be used for unauthorized data exchange
  • Execution of external commands without sufficient documentation

Per-check LLM notes

  • Network: Network calls to specific URLs may indicate legitimate functionality but could also be used for unauthorized data exchange.
  • Shell: Executing external commands suggests the package interacts with system tools, which is potentially risky if not properly controlled or documented.
  • Metadata: The repository is newly created with no activity metrics, and the maintainer's account details are sparse.

📦 Package Quality Overall: Medium (5.2/10)

✦ High Test Suite 9.0

Test suite present — 27 test file(s) found

  • Test runner config found: conftest.py
  • Test runner config found: pyproject.toml
  • 27 test file(s) detected (e.g. test_smoke.py)

◈ Medium Documentation 5.0

Some documentation present

  • Detailed PyPI description (4088 chars)

○ Low Contributing Guide 2.0

No contributing guide or governance files found

  • No CONTRIBUTING, CODE_OF_CONDUCT, or governance files found

◈ Medium Type Annotations 5.0

Partial type annotation coverage

  • 136 type-annotated function signatures detected in source

◈ Medium Multiple Contributors 5.0

Limited contributor diversity

  • 1 unique contributor(s) across 52 commits in spikestudio/aidd-kos
  • Single author but highly active (52 commits)

🔬 Heuristic Checks

Outbound Network Calls score 7.5

Found 5 network call pattern(s)

  • }).encode() req = urllib.request.Request( _LIGHTRAG_PAGINATED_URL,
  • try: with urllib.request.urlopen(req, timeout=30) as resp: data =
  • x_retries): req = urllib.request.Request( _LIGHTRAG_DELETE_URL,
  • try: req = urllib.request.Request(_LIGHTRAG_HEALTH_URL, method="GET")
  • d="GET") with urllib.request.urlopen(req, timeout=10) as resp: data =

Code Obfuscation

No obfuscation patterns detected

Shell / Subprocess Execution score 10.0

Found 6 shell execution pattern(s)

  • ep 2: mise install""" subprocess.run(["mise", "install"], cwd=self.project_dir, check=True)
  • """Step 3: uv sync""" subprocess.run(["uv", "sync"], cwd=self.project_dir, check=True) def i
  • xists(): result = subprocess.run( ["npx", "@colbymchenry/codegraph", "init",
  • ndex にフォールバック subprocess.run( ["npx", "@colbymchenry/codegraph", "ind
  • ) else: subprocess.run( ["npx", "@colbymchenry/codegraph", "index",
  • t server_running: subprocess.Popen( [ sys.executable,

Credential Harvesting

No credential harvesting patterns detected

Typosquatting

No typosquatting candidates detected

Registered Email Domain

No author email provided

Suspicious Page Links

All external links appear legitimate

Git Repository History score 5.0

Git history flags: Repository created very recently: 3 day(s) ago (2026-06-03T09:31:51Z)

  • Repository created very recently: 3 day(s) ago (2026-06-03T09:31:51Z)
  • Repository has zero stars and zero forks

Maintainer History score 6.0

3 maintainer concern(s) found

  • Package is very new: uploaded 2 day(s) ago
  • Author name is missing or very short
  • Author "" appears to have only 1 package on PyPI (new or inactive account)

Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with aidd-kos

Develop a fully-functional mini-application named 'KnowledgeBot' that leverages the Agentic Knowledge OS (aidd-kos) package to facilitate intelligent information retrieval and management. This application will serve as a personal knowledge manager, allowing users to store, query, and analyze data using AI-driven capabilities. Here’s a step-by-step guide on how to build 'KnowledgeBot':

1. **Setup Environment**: Begin by setting up your Python environment and installing the aidd-kos package.
2. **User Interface Design**: Design a simple yet intuitive user interface that allows users to interact with the system through natural language queries.
3. **Data Storage & Retrieval**: Utilize the LightRAG knowledge graph component of aidd-kos to store structured and unstructured data from various sources such as documents, web pages, and databases.
4. **Query Processing**: Implement a feature where users can input queries in natural language, and the application processes these queries using the MCP server provided by aidd-kos, returning relevant results.
5. **AI-Driven Analysis**: Enable the application to perform advanced analysis on the queried data, providing insights and summaries based on the retrieved information.
6. **Integration with External Tools**: Allow 'KnowledgeBot' to integrate with external tools like calendars, email clients, and note-taking apps for seamless data import/export.
7. **Security & Privacy**: Ensure all data interactions are secure and comply with privacy regulations.

Suggested Features:
- User authentication and role-based access control.
- Support for importing data from multiple formats (PDF, DOCX, CSV).
- Ability to schedule regular updates for stored data.
- Visualization of data insights through graphs and charts.
- Notification system for new data or updates.

By following these steps and incorporating the suggested features, you will create a powerful and user-friendly tool for managing and analyzing personal and professional information using the advanced functionalities of the aidd-kos package.