ammp

v0.15.5 suspicious
8.0
High Risk

🍝 Reference implementation of AMMP — the Agentic Mentor-Mentee Protocol — Mentoring track. Pepe Arturo, exposing his curated playbook corpus to mentee agents (Claude Cowork, Claude.ai, Claude Code, …) over the MCP wire.

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package exhibits significant risk factors including typosquatting targeting 'amqp', suspicious maintainer history, and the presence of non-secure links. These elements collectively suggest a high likelihood of potential malicious intent.

  • Typosquatting attempt targeting a well-known package
  • Suspicious maintainer history
  • Presence of non-secure links

Per-check LLM notes
  • Metadata: Suspicious maintainer history and non-secure links suggest potential risks.
  • Typosquatting target: amqp

📦 Package Quality Overall: Medium (6.2/10)

✦ High Test Suite 9.0

Test suite present — 18 test file(s) found

  • Test runner config found: conftest.py
  • Test runner config found: pyproject.toml
  • 18 test file(s) detected (e.g. conftest.py)
  • Classifier: Framework :: Pytest

◈ Medium Documentation 5.0

Some documentation present

  • Detailed PyPI description (29371 chars)

○ Low Contributing Guide 4.0

No contributing guide or governance files found

  • Development Status classifier >= Beta

◈ Medium Type Annotations 7.0

Partial type annotation coverage

  • Classifier: Typing :: Typed
  • Type checker (mypy / pyright / pytype) referenced in project
  • 313 type-annotated function signatures detected in source

◈ Medium Multiple Contributors 6.0

Limited contributor diversity

  • 2 unique contributor(s) across 100 commits in helmut-hoffer-von-ankershoffen/ammp-mcp
  • Two distinct contributors found

🔬 Heuristic Checks

Outbound Network Calls score 9.0

Found 6 network call pattern(s)

  • quest try: req = urllib.request.Request(agent_url, headers={"User-Agent": "ammp-health/1"})
  • ammp-health/1"}) with urllib.request.urlopen(req, timeout=timeout) as resp: body = js
  • return try: req = urllib.request.Request(m.backend.url, method="HEAD", headers={"User-Agent":
  • ammp-health/1"}) with urllib.request.urlopen(req, timeout=timeout) as resp: table.add
  • aders or {}), } req = urllib.request.Request(url, headers=merged) try: with urllib.re
  • merged) try: with urllib.request.urlopen(req, timeout=timeout) as r: return r.sta

Code Obfuscation

No obfuscation patterns detected

Shell / Subprocess Execution score 8.0

Found 4 shell execution pattern(s)

  • nsure_ascii=False) proc = subprocess.run( ["bash", harness], env=env, input=s
  • "PLUGIN": plugin} proc = subprocess.run( ["bash", str(SCRIPT)], env=env, cap
  • None} try: proc = subprocess.run( [sys.executable, "-m", "ammp_mcp", *args],
  • -8", ) proc = subprocess.run( ["mmdc", "-i", str(src), "-o", str(out), "-b",

Credential Harvesting score 10.0

Found 5 credential access pattern(s)

  • (app, ["playbook", "show", "../etc/passwd"]) assert r.exit_code == 2 def test_list_mentees(runn
  • , ["playbook", "validate", "../etc/passwd"]) assert r.exit_code == 2 assert "invalid playbook
  • tool("GetPlaybook", {"id": "../etc/passwd"}) assert result.data["error"] == "invalid_id" async
  • ginArchive", {"plugin": "../../etc/passwd"}) assert result.data["error"] == "invalid_plugin" as
  • auth ", "auth"), ("../etc/passwd", None), ("foo\\bar", None), (".secret", No

Typosquatting score 3.0

Possible typosquat of: amqp

  • "ammp" is 1 edit(s) from "amqp"

Registered Email Domain

Email domain looks legitimate: helmguild.com

Suspicious Page Links score 4.0

Found 2 suspicious link(s) on the package page

  • Non-HTTPS external link: http://mypy-lang.org/
  • Non-HTTPS external link: http://127.0.0.1:8765/.well-known/agent.json

Git Repository History

Repository helmut-hoffer-von-ankershoffen/ammp-mcp appears legitimate

Maintainer History score 4.0

2 maintainer concern(s) found

  • Author name is missing or very short
  • Author "" appears to have only 1 package on PyPI (new or inactive account)

Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with ammp
Create a mentorship platform mini-app using the 'ammp' Python package. This platform will facilitate a mentoring relationship between experienced mentors and novice mentees, leveraging the Agentic Mentor-Mentee Protocol (AMMP). The app should allow mentees to connect with mentors based on specific skill sets and interests, receive personalized advice, and access a curated playbook of mentorship strategies and techniques. Here are the key steps and features for building this mini-app:

1. **Setup and Installation**: Begin by installing the 'ammp' package and setting up your development environment. Ensure you have Python installed and use pip to install 'ammp'.
2. **User Registration and Authentication**: Implement user registration and login functionalities to manage both mentors and mentees. Use standard authentication methods.
3. **Profile Creation**: Allow users to create profiles where they can specify their expertise areas (for mentors) and learning goals (for mentees).
4. **Mentorship Matching**: Utilize the 'ammp' package to implement a matching algorithm that pairs mentees with mentors based on their profiles and interests.
5. **Communication Interface**: Develop a messaging system within the app that allows for secure and private communication between mentors and mentees. This could include text messages, video calls, or even shared documents.
6. **Curated Playbook Access**: Integrate the 'ammp' package to expose its curated playbook of mentorship strategies and techniques to both mentors and mentees. This playbook should be accessible through the app and can be filtered based on topics or skills.
7. **Feedback System**: Implement a feedback mechanism where mentees can rate their sessions with mentors and provide constructive feedback. Mentors should also be able to rate mentees based on their engagement and progress.
8. **Analytics Dashboard**: Create an analytics dashboard for mentors and administrators to track the success of mentorship programs and individual sessions.

By following these steps and incorporating these features, you'll develop a comprehensive and functional mentorship platform mini-app that effectively leverages the capabilities of the 'ammp' package.
