amp-memory

v0.3.0 suspicious
7.0
High Risk

AMP: The Agent Memory Protocol - A local-first, MCP-native memory server.

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package exhibits multiple red flags including high network and shell execution risks, complex obfuscation techniques, and signs of low maintainer effort. While there's no clear evidence of malicious intent, these indicators collectively suggest potential risks.

  • High network and shell execution risks
  • Complex obfuscation techniques
  • Signs of low maintainer effort
Per-check LLM notes
  • Network: The network calls to external URLs suggest the package may be communicating with an external service which could potentially be used for data exfiltration or command and control.
  • Shell: Executing subprocesses, especially with dynamic parameters, can indicate potential for executing arbitrary commands, suggesting a risk of introducing a backdoor.
  • Obfuscation: The code uses complex and uncommon methods to access environment variables, which may indicate an attempt to evade detection or analysis.
  • Credentials: No direct harvesting of credentials is observed, but the unusual method of accessing environment variables could potentially be used to hide credential usage.
  • Metadata: The package shows signs of low maintainer effort and potential anonymity, raising suspicion but not definitive proof of malice.

📦 Package Quality Overall: Low (2.8/10)

○ Low Test Suite 1.0

No test suite detected

  • No test files or test-runner configuration detected
◈ Medium Documentation 5.0

Some documentation present

  • Detailed PyPI description (4514 chars)
○ Low Contributing Guide 2.0

No contributing guide or governance files found

  • No CONTRIBUTING, CODE_OF_CONDUCT, or governance files found
◈ Medium Type Annotations 5.0

Partial type annotation coverage

  • 157 type-annotated function signatures detected in source
○ Low Multiple Contributors 1.0

Unable to verify contributor count: no GitHub repository found

  • No GitHub repository linked — contributor count unavailable

🔬 Heuristic Checks

Outbound Network Calls score 9.0

Found 6 network call pattern(s)

  • try: resp = requests.post(OLLAMA_URL, json={ "model": OLLAMA_MODEL,
  • n.""" try: resp = requests.post(OLLAMA_URL, json={ "model": OLLAMA_MODEL,
  • ttle() resp = requests.post(self._url, headers=headers, json=body, timeout=self.timeout)
  • try: resp = requests.post(f"{self.host}/api/generate", json=payload, timeout=self.time
  • hink"] = False resp = requests.post(f"{self.host}/api/generate", json=payload, timeout=self.time
  • try: resp = requests.post(self._api_url, json={ "model": self.model,
Code Obfuscation score 6.0

Found 3 obfuscation pattern(s)

  • as genai import os API_KEY = __import__("os").environ.get("GEMINI_API_KEY") or (_ for _ in ()).throw(Runt
  • onfiguration GEMINI_API_KEY = __import__("os").environ.get("GEMINI_API_KEY") or (_ for _ in ()).throw(Runt
  • ure Gemini for Eval API_KEY = __import__("os").environ.get("GEMINI_API_KEY") or (_ for _ in ()).throw(Runt
Shell / Subprocess Execution score 2.0

Found 1 shell execution pattern(s)

  • log_file.flush() proc = subprocess.Popen( [sys.executable, "-m", "amp.daemon", "--serve", "--
Credential Harvesting

No credential harvesting patterns detected

Typosquatting

No typosquatting candidates detected

Registered Email Domain score 3.0

Suspicious email domain flags: Very short email domain: mt.iitr.ac.in>

  • Very short email domain: mt.iitr.ac.in>
Suspicious Page Links

All external links appear legitimate

Git Repository History

No GitHub repository linked

  • No GitHub repository link found
Maintainer History score 6.0

3 maintainer concern(s) found

  • Author name is missing or very short
  • Author "" appears to have only 1 package on PyPI (new or inactive account)
  • Package has no PyPI classifiers (low effort / metadata quality)
Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with amp-memory 
Create a personal knowledge management system (PKMS) using the 'amp-memory' Python package. This PKMS will serve as a robust local-first storage solution for notes, ideas, and other digital artifacts. It should allow users to add, edit, delete, and search through their stored data efficiently. Additionally, the system should support tagging and categorization of items for better organization and retrieval.

Step 1: Set up the environment
- Install Python and necessary packages including 'amp-memory'.
- Initialize a new Python project and set up the required dependencies.

Step 2: Design the Data Model
- Define the structure of your notes/items, including fields such as title, content, tags, and creation date.

Step 3: Implement CRUD Operations
- Create functions to add new notes.
- Develop methods to edit existing notes.
- Implement functionality to delete notes.
- Add search capabilities to find notes based on title, content, tags, or creation date.

Step 4: Tagging and Categorization
- Integrate a tagging system that allows users to assign multiple tags to each note.
- Enable categorization of notes into predefined categories.

Step 5: User Interface
- Although this is a command-line application, ensure it has a user-friendly interface with clear prompts and outputs.

How 'amp-memory' is utilized:
- Use 'amp-memory' to store all the notes and metadata locally in a way that supports efficient querying and updating.
- Leverage the local-first nature of 'amp-memory' to ensure that all operations are fast and reliable without needing an internet connection.
- Implement synchronization features if desired, allowing users to keep their PKMS consistent across different devices.

💬 Discussion Feed

Leave a comment

No discussion yet. Be the first to share your thoughts!