arcgentic

v2.0.0 suspicious
4.0
Medium Risk

Moirai-derived gated engineering workflow for AI coding — Python CLI for Arcgentic V2

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package exhibits a moderate risk level primarily due to its use of shell execution, which can potentially lead to arbitrary command execution. Despite low risks in other areas, the novelty of the maintainer's account raises some concern.

  • High shell risk due to potential for arbitrary command execution.
  • Low activity from the maintainer suggests caution.
Per-check LLM notes
  • Network: No network calls detected, which is low risk.
  • Shell: Detected use of shell execution may indicate potential for executing arbitrary commands, suggesting higher risk.
  • Obfuscation: No obfuscation patterns detected, suggesting low risk of malicious intent.
  • Credentials: No credential harvesting patterns detected, indicating safe handling of sensitive information.
  • Metadata: The maintainer has only one package, suggesting it might be a new or less active account.

📦 Package Quality Overall: Medium (6.0/10)

✦ High Test Suite 9.0

Test suite present — 26 test file(s) found

  • Test runner config found: pyproject.toml
  • 26 test file(s) detected (e.g. test_end_to_end_round.py)
◈ Medium Documentation 5.0

Some documentation present

  • Detailed PyPI description (2356 chars)
○ Low Contributing Guide 4.0

No contributing guide or governance files found

  • Development Status classifier >= Beta
◈ Medium Type Annotations 7.0

Partial type annotation coverage

  • Type checker (mypy / pyright / pytype) referenced in project
  • 415 type-annotated function signatures detected in source
◈ Medium Multiple Contributors 5.0

Limited contributor diversity

  • 1 unique contributor(s) across 100 commits in Arch1eSUN/Arcgentic
  • Single author but highly active (100 commits)

🔬 Heuristic Checks

Outbound Network Calls

No suspicious network call patterns found

Code Obfuscation

No obfuscation patterns detected

Shell / Subprocess Execution score 10.0

Found 6 shell execution pattern(s)

  • one try: result = subprocess.run( fact.command, shell=True,
  • """ try: result = subprocess.run( command, shell=True, ca
  • """ try: result = subprocess.run( ["git", *args], capture_output=True
  • try: result = subprocess.run( [self._claude_binary, "-p", wrapped],
  • try: result = subprocess.run( [self._claude_binary, "-p", prompt],
  • try: result = subprocess.run( command, shell=True,
Credential Harvesting

No credential harvesting patterns detected

Typosquatting

No typosquatting candidates detected

Registered Email Domain

No author email provided

Suspicious Page Links

All external links appear legitimate

Git Repository History

Repository Arch1eSUN/Arcgentic appears legitimate

Maintainer History score 2.0

1 maintainer concern(s) found

  • Author "Arc Studio" appears to have only 1 package on PyPI (new or inactive account)
Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with arcgentic 
Create a Python-based mini-application that leverages the 'arcgentic' package to streamline the development of machine learning models. The application should serve as a user-friendly command-line interface (CLI) tool that simplifies the process of setting up, training, evaluating, and deploying ML models. Here’s a detailed breakdown of what the application should accomplish:

1. **Setup Phase**: The tool should guide users through the setup of their environment by checking for necessary dependencies and libraries. It should also allow users to configure the project by specifying details such as the type of model they wish to develop, data sources, and any specific requirements for the project.

2. **Model Development**: Utilize the 'arcgentic' package to manage the gated engineering workflow, ensuring that each phase of the model development is executed systematically and efficiently. This includes automating tasks such as data preprocessing, feature selection, and model training.

3. **Evaluation Phase**: Implement functionality within the application to evaluate the performance of the developed models using appropriate metrics. Users should be able to choose between different evaluation methods based on their specific needs.

4. **Deployment**: Finally, the application should facilitate the deployment of the trained models. This could involve packaging the models into containers, setting up API endpoints for real-time predictions, or deploying them on cloud platforms.

Some suggested features include:
- Interactive configuration options via the CLI.
- Integration with popular ML frameworks and libraries (e.g., TensorFlow, PyTorch).
- Support for multiple types of datasets and data formats.
- Detailed logging and reporting mechanisms to track the progress and performance of the models.
- Customizable workflows to accommodate various ML projects.

The 'arcgentic' package will be central to managing the structured approach to developing these models, ensuring that best practices are followed throughout the process. By leveraging 'arcgentic', the application aims to reduce the complexity and time required for developing robust machine learning solutions.