annomate-mcp

v0.1.0 suspicious
6.0
Medium Risk

MCP server for VIA v3 — lets Claude read and write image annotations in real time

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package exhibits moderate risks due to its obfuscated code and network activity, which could be indicative of potential malicious behavior or supply-chain compromise.

  • High obfuscation risk
  • Moderate network risk

Per-check LLM notes
  • Network: The network calls indicate the package is making HTTP requests to external URLs which may be unexpected and could potentially be used for data exfiltration.
  • Shell: No shell execution patterns were detected.
  • Obfuscation: The obfuscation patterns detected suggest an attempt to hide code logic, which could be used for malicious purposes.
  • Credentials: No clear evidence of credential harvesting is present in the provided code snippets.
  • Metadata: The package shows low activity and poor metadata quality, raising some suspicion but not definitive indicators of malice.

📦 Package Quality Overall: Medium (5.2/10)

✦ High Test Suite 9.0

Test suite present — 6 test file(s) found

  • Test runner config found: pyproject.toml
  • 6 test file(s) detected (e.g. test_http.py)

◈ Medium Documentation 5.0

Some documentation present

  • Detailed PyPI description (5992 chars)

○ Low Contributing Guide 2.0

No contributing guide or governance files found

  • No CONTRIBUTING, CODE_OF_CONDUCT, or governance files found

◈ Medium Type Annotations 5.0

Partial type annotation coverage

  • 123 type-annotated function signatures detected in source

◈ Medium Multiple Contributors 5.0

Limited contributor diversity

  • 1 unique contributor(s) across 47 commits in caliperhq/annomate
  • Single author but highly active (47 commits)

🔬 Heuristic Checks

Outbound Network Calls score 7.5

Found 5 network call pattern(s)

  • .0.0.1:{port}{path}" with urllib.request.urlopen(url) as resp: return resp.status, resp.read(
  • dy).encode("utf-8") req = urllib.request.Request(url, data=data, he
  • "application/json"}) with urllib.request.urlopen(req) as resp: return resp.status, json.loads
  • 0.0.1:{port}{path}" req = urllib.request.Request(url, method="HEAD") try: with urllib.req
  • "HEAD") try: with urllib.request.urlopen(req) as resp: return resp.status exc

Code Obfuscation score 6.0

Found 3 obfuscation pattern(s)

  • o(device) self._model.eval() self._torch = torch self._resolved_device
  • odel.to(device) model.eval() self._torch = torch self._processor = proc
  • ool: try: __import__(pkg) return True except ImportError:

Shell / Subprocess Execution

No shell execution patterns detected

Credential Harvesting

No credential harvesting patterns detected

Typosquatting

No typosquatting candidates detected

Registered Email Domain

No author email provided

Suspicious Page Links

All external links appear legitimate

Git Repository History score 2.5

Git history flags: Repository has zero stars and zero forks

  • Repository has zero stars and zero forks

Maintainer History score 8.0

4 maintainer concern(s) found

  • Only one version has ever been released — brand new package
  • Author name is missing or very short
  • Author "" appears to have only 1 package on PyPI (new or inactive account)
  • Package has no PyPI classifiers (low effort / metadata quality)

Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with annomate-mcp:

Create a real-time annotation tool for images using the 'annomate-mcp' package. This tool will serve as a bridge between a VIA v3 image annotation platform and a user interface, allowing users to annotate images and see changes in real time. The application should have the following features:

1. User Authentication: Implement basic authentication so that only registered users can access the annotation tool.
2. Real-Time Collaboration: Multiple users should be able to annotate the same image simultaneously, with changes reflected instantly across all connected clients.
3. Annotation Types: Support various types of annotations including bounding boxes, polygons, and keypoints.
4. Image Upload: Users should be able to upload their own images for annotation.
5. Annotation History: Maintain a history of annotations made on each image, allowing users to revert to previous states if needed.
6. Export Annotations: Provide functionality to export annotations in a format compatible with VIA v3.
7. User Interface: Develop a clean and intuitive web-based UI for interacting with the tool.
8. Integration Testing: Ensure that the application works seamlessly with VIA v3 by setting up integration tests.

The 'annomate-mcp' package will be utilized to handle communication between the VIA v3 backend and your application. Specifically, it will manage the reading and writing of image annotations in real time, ensuring that any changes made by one user are immediately visible to others. Additionally, it will facilitate the synchronization of annotation data between the VIA v3 server and your application, enabling real-time collaboration among multiple users.
