air-agent

v0.3.1 suspicious
6.0
Medium Risk

Lightweight Python AI agent with OpenAI tool calling, MCP support, and parallel subagents

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package shows moderate risk due to credential risks and low maintainer activity, suggesting possible issues but not definitive proof of malicious intent.

  • Credential risk of 7/10
  • Metadata risk of 5/10
Per-check LLM notes
  • Network: No network calls detected, which is normal unless the package's functionality requires external communication.
  • Shell: No shell executions detected, indicating the package does not attempt to run system commands without user interaction.
  • Obfuscation: No obfuscation patterns detected.
  • Credentials: Suspicious patterns suggest potential unauthorized access attempts to sensitive files.
  • Metadata: The package shows signs of low maintainer activity and poor metadata quality, raising concerns but not conclusive evidence of malintent.

📦 Package Quality Overall: Medium (5.2/10)

✦ High Test Suite 9.0

Test suite present — 11 test file(s) found

  • Test runner config found: conftest.py
  • Test runner config found: pyproject.toml
  • 11 test file(s) detected (e.g. conftest.py)
◈ Medium Documentation 5.0

Some documentation present

  • Detailed PyPI description (12090 chars)
○ Low Contributing Guide 2.0

No contributing guide or governance files found

  • No CONTRIBUTING, CODE_OF_CONDUCT, or governance files found
◈ Medium Type Annotations 5.0

Partial type annotation coverage

  • 140 type-annotated function signatures detected in source
◈ Medium Multiple Contributors 5.0

Limited contributor diversity

  • 1 unique contributor(s) across 64 commits in chldu2000/air-agent
  • Single author but highly active (64 commits)

🔬 Heuristic Checks

Outbound Network Calls

No suspicious network call patterns found

Code Obfuscation

No obfuscation patterns detected

Shell / Subprocess Execution

No shell execution patterns detected

Credential Harvesting score 5.0

Found 2 credential access pattern(s)

  • resolve_and_check_path("/etc/passwd", cfg) def test_path_traversal_blocked(self, tmp_path:
  • d_file", json.dumps({"path": "/etc/passwd"})) @pytest.mark.asyncio async def test_read_trunc
Typosquatting

No typosquatting candidates detected

Registered Email Domain

No author email provided

Suspicious Page Links

All external links appear legitimate

Git Repository History score 2.5

Git history flags: Repository has zero stars and zero forks

  • Repository has zero stars and zero forks
Maintainer History score 6.0

3 maintainer concern(s) found

  • Author name is missing or very short
  • Author "" appears to have only 1 package on PyPI (new or inactive account)
  • Package has no PyPI classifiers (low effort / metadata quality)
Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with air-agent 
Create a versatile task management application using the 'air-agent' Python package. This application will serve as a personal assistant for managing tasks and delegating them to multiple agents running in parallel. Each agent can perform specific tasks such as fetching weather updates, checking news headlines, or scheduling appointments. Here’s a step-by-step guide on how to develop this application:

1. **Setup Environment**: Begin by setting up your development environment. Ensure you have Python installed along with the 'air-agent' package. If not already installed, install it via pip.
2. **Define Core Functionality**: Define the core functionalities of your application. These include task creation, task delegation to different agents, and receiving updates from these agents.
3. **Implement Agents**: Using 'air-agent', create multiple sub-agents. Each sub-agent should be specialized for a particular type of task. For example, one could fetch weather updates from an API, another could check for breaking news headlines, and yet another could manage calendar appointments.
4. **Parallel Processing**: Utilize the parallel processing capabilities of 'air-agent' to run these sub-agents concurrently. This allows your application to handle multiple tasks simultaneously without blocking.
5. **User Interface**: Develop a simple user interface where users can input new tasks, view ongoing tasks, and receive notifications about completed tasks.
6. **Tool Integration**: Integrate tools like OpenAI APIs for natural language processing tasks if required. Use the 'air-agent' package’s OpenAI tool calling feature to enhance the application’s capabilities.
7. **Testing & Validation**: Test each component thoroughly to ensure reliability and efficiency. Validate the application’s ability to delegate tasks accurately and receive timely updates.
8. **Deployment**: Once tested, deploy your application either locally or on a cloud service provider. Make sure it is accessible and easy to use.

**Suggested Features**:
- User authentication for secure access.
- Priority levels for tasks.
- Notifications for task completion or failure.
- Customizable dashboard for viewing task statuses.
- Logging of all task-related activities for audit purposes.

By following these steps and utilizing the 'air-agent' package effectively, you’ll develop a powerful and flexible task management application capable of handling diverse tasks efficiently.