AI Analysis
The package exhibits significant shell and credential risks, suggesting potential for malicious activities such as arbitrary code execution and credential harvesting.
- High shell risk due to execution of subprocess commands.
- High credential risk suggesting potential for credential harvesting.
Per-check LLM notes
- Network: The package makes network calls to an external API which could potentially be used for data exfiltration.
- Shell: Execution of subprocess commands suggests potential for arbitrary code execution, indicating high risk for malicious activities.
- Obfuscation: No obfuscation patterns detected.
- Credentials: The code pattern suggests potential credential harvesting activity, raising significant security concerns.
- Metadata: The package is newly created and lacks a GitHub repository, which could indicate potential risks.
Package Quality Overall: Low (4.4/10)
Test suite present — 13 test file(s) found
Test runner config found: conftest.py
13 test file(s) detected (e.g. conftest.py)
Some documentation present
Detailed PyPI description (1112 chars)
No contributing guide or governance files found
No CONTRIBUTING, CODE_OF_CONDUCT, or governance files found
Partial type annotation coverage
66 type-annotated function signatures detected in source
Unable to verify contributor count: no GitHub repository found
No GitHub repository linked — contributor count unavailable
Heuristic Checks
Found 1 network call pattern(s)
real_client._http = httpx.Client( base_url="https://api.andish.ru/v1",
No obfuscation patterns detected
Found 1 shell execution pattern(s)
_port}/v1", } proc = subprocess.Popen( # noqa: S603 — trusted input: sys.executable + our own scr
Found 1 credential access pattern(s)
nv("ANDISH_BASE_URL", "file:///etc/passwd") with pytest.raises(SystemExit) as exc_info:
No typosquatting candidates detected
No author email provided
All external links appear legitimate
No GitHub repository linked
No GitHub repository link found
2 maintainer concern(s) found
Only one version has ever been released — brand new package
Author "Andish Team" appears to have only 1 package on PyPI (new or inactive account)
No known vulnerabilities found in OSV database.
AI App Starter Prompt
Create a knowledge graph explorer mini-app using the 'andish-mcp' Python package. This app will serve as a user-friendly interface to query and visualize data from an Andish Knowledge Graph. The goal is to enable users to search for specific entities, explore relationships between entities, and navigate through a network of connected data points. Here's a detailed plan on how to proceed:
1. **Setup Environment**: Begin by setting up a Python environment and installing necessary packages including 'andish-mcp'. Ensure you have the latest version installed.
2. **API Integration**: Use 'andish-mcp' to set up a connection to the Andish Knowledge Graph API. Configure your API keys and endpoints as required.
3. **User Interface Design**: Develop a simple yet intuitive UI where users can input queries and view results. Consider using libraries like Flask for backend services and Plotly/D3.js for interactive visualizations.
4. **Query Engine**: Implement a robust query engine that allows users to perform various types of searches such as keyword searches, entity lookups, and relationship queries. Utilize 'andish-mcp' functions to translate these queries into API requests.
5. **Data Visualization**: Integrate features that allow users to visualize the connections between entities. This could include creating graphs, charts, or maps based on the queried data.
6. **Advanced Features**: Optionally, add advanced features such as real-time updates, recommendation systems based on user activity, and support for different types of data visualization.
7. **Testing & Optimization**: Thoroughly test the application to ensure it handles all edge cases efficiently. Optimize performance and refine the user experience based on feedback.
8. **Documentation & Deployment**: Write comprehensive documentation explaining how to use the application and deploy it to a cloud service or a local server.
By following these steps, you'll create a valuable tool for anyone interested in exploring and understanding complex networks of information stored within the Andish Knowledge Graph.