anywhere-agents

v0.7.3 suspicious
5.0
Medium Risk

Install the anywhere-agents AI agent config (AGENTS.md, skills, guard hook, settings) into any project.

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package exhibits moderate risk due to its network activity, subprocess execution, and handling of the GITHUB_TOKEN environment variable. While these actions might be legitimate, they warrant further investigation to confirm there is no underlying malicious intent.

  • network risk
  • shell risk
  • credential risk

Per-check LLM notes
  • Network: The package performs network calls which may be legitimate for downloading resources, but should be reviewed for URLs and frequency.
  • Shell: Subprocess execution is detected, which could be used for various purposes including running scripts; however, it poses a higher risk due to potential code injection or command execution vulnerabilities.
  • Obfuscation: No signs of code obfuscation detected.
  • Credentials: The code is accessing and using the GITHUB_TOKEN environment variable, which may indicate legitimate GitHub API interaction but also poses a risk for unauthorized access if not handled securely.
  • Metadata: The author has only one package, which may indicate a new or less active user, but no other red flags are present.

📦 Package Quality Overall: Medium (5.0/10)

◈ Medium Test Suite 6.0

Partial test coverage signals detected

  • Test runner config found: pyproject.toml

◈ Medium Documentation 5.0

Some documentation present

  • Detailed PyPI description (3003 chars)

○ Low Contributing Guide 4.0

No contributing guide or governance files found

  • Development Status classifier >= Beta

◈ Medium Type Annotations 5.0

Partial type annotation coverage

  • 269 type-annotated function signatures detected in source

◈ Medium Multiple Contributors 5.0

Limited contributor diversity

  • 1 unique contributor(s) across 100 commits in yzhao062/anywhere-agents
  • Single author but highly active (100 commits)

🔬 Heuristic Checks

Outbound Network Calls score 3.0

Found 2 network call pattern(s)

  • from {url}") try: urllib.request.urlretrieve(url, out_path) # noqa: S310 (user-controlled UR
  • = None try: with urllib.request.urlopen(url, timeout=30) as resp: body: bytes =

Code Obfuscation

No obfuscation patterns detected


Shell / Subprocess Execution score 10.0

Found 6 shell execution pattern(s)

  • )") try: result = subprocess.run(interpreter_argv + [str(out_path)], check=False) except
  • pdate(env_extra) result = subprocess.run(cmd, cwd=str(project_root), env=env, check=False) return
  • tly try: result = subprocess.run( [sys.executable, str(generator), "--root", str(
  • one try: result = subprocess.run( [git, "ls-remote", "--exit-code", url, ref],
  • """ try: result = subprocess.run( ["ssh-add", "-l"], capture_output=T
  • """ try: result = subprocess.run( ["gh", "auth", "status"], capture_o

Credential Harvesting score 7.5

Found 3 credential access pattern(s)

  • non-empty.""" return bool(os.environ.get("GITHUB_TOKEN", "").strip()) # ========================================
  • env["GITHUB_TOKEN"] = os.environ.get("GITHUB_TOKEN", "") target = url if url.startswith("http") else _
  • env["GITHUB_TOKEN"] = os.environ.get("GITHUB_TOKEN", "") target = _to_https_url(url) if not url.starts

Typosquatting

No typosquatting candidates detected

Registered Email Domain

No author email provided

Suspicious Page Links

All external links appear legitimate

Git Repository History

Repository yzhao062/anywhere-agents appears legitimate

Maintainer History score 2.0

1 maintainer concern(s) found

  • Author "Yue Zhao" appears to have only 1 package on PyPI (new or inactive account)

Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with anywhere-agents

Create a versatile personal assistant application using the 'anywhere-agents' Python package. This application will serve as a command-line interface (CLI) tool that allows users to manage their daily tasks and receive intelligent responses based on user queries. The assistant will be capable of understanding natural language inputs, performing basic task management (such as adding, deleting, and listing tasks), and providing relevant information or advice when queried.

Steps to create the application:
1. Set up a new Python project and install the 'anywhere-agents' package.
2. Configure the AGENTS.md file to define the roles and capabilities of your assistant agents.
3. Implement skills that allow the assistant to understand and execute commands related to task management.
4. Develop a guard hook mechanism to ensure that only valid and safe commands are executed.
5. Integrate settings to customize the behavior of your assistant according to user preferences.
6. Create a CLI interface that allows users to interact with the assistant.
7. Test the application thoroughly to ensure it works as expected.

Suggested Features:
- Add tasks with descriptions and due dates.
- List all current tasks.
- Mark tasks as completed.
- Delete tasks.
- Provide reminders for upcoming tasks.
- Answer general knowledge questions using web search capabilities.
- Offer personalized advice based on user input.

How 'anywhere-agents' is utilized:
- Use 'anywhere-agents' to configure the setup of your assistant agents, ensuring they are properly initialized and have access to necessary resources.
- Leverage the package's skill system to develop and integrate various functionalities for your assistant.
- Utilize the guard hook feature to implement security measures and prevent unauthorized actions.
- Customize the assistant's behavior through settings defined within the 'anywhere-agents' framework.
