aigentsy-mcp

v1.3.1 suspicious
5.0
Medium Risk

MCP server for the AiGentsy Settlement Protocol — proof, verification, exactly-once settlement, acceptance gating, and the Settlement Signal Beacon for Claude Desktop, Cursor, Cline, and any MCP-compatible runtime.

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package exhibits a moderate risk profile with notable concerns regarding shell execution and network interactions. While it does not show clear signs of malicious activity, the lack of detailed maintainer information and community engagement adds to the uncertainty.

  • High shell risk due to potential for privilege escalation.
  • Moderate network risk with unspecified endpoint interactions.
Per-check LLM notes
  • Network: Network calls are common and may be part of the package's intended functionality, but the specific endpoints and data being sent should be reviewed.
  • Shell: Executing a shell command to run another instance of the package might indicate unexpected behavior or a potential for privilege escalation, warranting further investigation.
  • Obfuscation: No obfuscation patterns detected, indicating low risk.
  • Credentials: No credential harvesting patterns detected, indicating low risk.
  • Metadata: The maintainer's information is sparse, and the repository lacks community engagement, raising concerns about its legitimacy.

📦 Package Quality Overall: Medium (5.8/10)

◈ Medium Test Suite 6.0

Partial test coverage signals detected

  • 1 test file(s) detected (e.g. smoke_test.py)
◈ Medium Documentation 7.0

Some documentation present

  • Documentation URL: "Documentation" -> https://aigentsy.com/integrations#mcp
  • Detailed PyPI description (7950 chars)
○ Low Contributing Guide 4.0

No contributing guide or governance files found

  • Development Status classifier >= Beta
◈ Medium Type Annotations 7.0

Partial type annotation coverage

  • Classifier: Typing :: Typed
  • 32 type-annotated function signatures detected in source
◈ Medium Multiple Contributors 5.0

Limited contributor diversity

  • 1 unique contributor(s) across 36 commits in AiGentsyProtocol/aigentsy-protocol
  • Single author but highly active (36 commits)

🔬 Heuristic Checks

Outbound Network Calls score 3.0

Found 2 network call pattern(s)

  • ict[str, Any]: resp = httpx.get(f"{self._base}{path}", headers=self._headers(), timeout=_TIM
  • ict[str, Any]: resp = httpx.post(f"{self._base}{path}", json=body, headers=self._headers(), t
Code Obfuscation

No obfuscation patterns detected

Shell / Subprocess Execution score 2.0

Found 1 shell execution pattern(s)

  • immediate_crash(): proc = subprocess.Popen( [sys.executable, "-m", "aigentsy_mcp"], std
Credential Harvesting

No credential harvesting patterns detected

Typosquatting

No typosquatting candidates detected

Registered Email Domain

Email domain looks legitimate: aigentsy.com>

Suspicious Page Links

All external links appear legitimate

Git Repository History score 2.5

Git history flags: Repository has zero stars and zero forks

  • Repository has zero stars and zero forks
Maintainer History score 4.0

2 maintainer concern(s) found

  • Author name is missing or very short
  • Author "" appears to have only 1 package on PyPI (new or inactive account)
Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with aigentsy-mcp 
Create a mini-application named 'SettlementSignalMonitor' using the Python package 'aigentsy-mcp'. This application will serve as a real-time monitor and notifier for settlement signals from various AiGentsy Settlement Protocol-compatible runtimes such as Claude Desktop, Cursor, and Cline. Your task is to develop an application that connects to the MCP server, subscribes to specific settlement signals, and then processes these signals based on certain conditions. Here are the key steps and features your application should include:

1. **Setup Environment**: Ensure you have Python installed along with the 'aigentsy-mcp' package. If not already installed, use pip to install it.

2. **Connection to MCP Server**: Utilize the 'aigentsy-mcp' package to establish a connection to the MCP server. Make sure your application can handle secure connections and authenticate properly.

3. **Subscription to Signals**: Subscribe to specific types of settlement signals relevant to your application's use case. These signals could be related to transactions, verifications, or any other event that signifies a change in the state of the protocol.

4. **Processing Signals**: Implement logic within your application to process incoming signals. For example, if a signal indicates a successful transaction, your app should log this event or trigger an action such as sending a notification via email or SMS.

5. **Notification System**: Integrate a notification system into your application. When a significant signal is detected (such as a failed verification), your application should notify the user through a preferred method (e.g., email, SMS, push notification).

6. **Real-Time Monitoring Interface**: Develop a simple web interface using Flask or another lightweight web framework. This interface should display real-time updates about the status of the settlement signals being monitored.

7. **Configuration Management**: Allow users to configure which signals they want to monitor and how they wish to be notified. This configuration should be saved and loaded each time the application runs.

8. **Error Handling and Logging**: Implement robust error handling and logging mechanisms to ensure that any issues encountered during the monitoring process are recorded and can be reviewed later.

9. **Security Measures**: Since the application will interact with sensitive data, ensure all communication channels are secured and adhere to best security practices.

By completing this project, you'll gain hands-on experience with the 'aigentsy-mcp' package and understand how to leverage the AiGentsy Settlement Protocol in practical applications.