archicad-mcp

v0.1.1 suspicious
5.0
Medium Risk

MCP server for Archicad automation via the Tapir JSON API

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package shows signs of potential malicious intent due to obfuscation techniques and credential risks, but lacks strong indicators of a full supply-chain attack.

  • High obfuscation risk due to use of compile() and exec()
  • Potential credential risk from reading the hosts file

Per-check LLM notes
  • Network: The use of aiohttp for network requests is common and suggests the package is designed to interact with web services.
  • Shell: No shell execution patterns were detected.
  • Obfuscation: The use of compile() and exec() suggests an attempt to bypass static analysis, which is commonly used in malicious code.
  • Credentials: Reading the hosts file might be part of testing functionality but could also indicate an attempt to modify system configurations, potentially for malicious purposes.
  • Metadata: The maintainer seems new or inactive, and the repository has low engagement.

📦 Package Quality Overall: Medium (6.6/10)

✦ High Test Suite 9.0

Test suite present — 14 test file(s) found

  • Test runner config found: pyproject.toml
  • 14 test file(s) detected (e.g. __init__.py)

◈ Medium Documentation 5.0

Some documentation present

  • Detailed PyPI description (7579 chars)

○ Low Contributing Guide 4.0

No contributing guide or governance files found

  • Development Status classifier >= Beta

◈ Medium Type Annotations 7.0

Partial type annotation coverage

  • Classifier: Typing :: Typed
  • Type checker (mypy / pyright / pytype) referenced in project
  • 161 type-annotated function signatures detected in source

✦ High Multiple Contributors 8.0

Active multi-contributor project

  • 3 unique contributor(s) across 54 commits in Boti-Ormandi/archicad-mcp
  • Small but multi-author team (3–4 contributors)

🔬 Heuristic Checks

Outbound Network Calls score 7.5

Found 5 network call pattern(s)

  • nection pooling session = aiohttp.ClientSession( timeout=aiohttp.ClientTimeout(total=300), c
  • available.""" async with aiohttp.ClientSession(timeout=aiohttp.ClientTimeout(total=2)) as session:
  • eal session.""" session = aiohttp.ClientSession(timeout=aiohttp.ClientTimeout(total=30)) mgr = Connectio
  • for tests.""" async with aiohttp.ClientSession() as session: yield session @pytest.fixture def co
  • for tests.""" async with aiohttp.ClientSession() as session: yield session @pytest.fixture def ma

Code Obfuscation score 4.0

Found 2 obfuscation pattern(s)

  • # Compile code = compile(wrapped_script, "<script>", "exec") # Execute the wrapper to define __script_mai
  • llowed}") return builtins.__import__(name, globals, locals, fromlist, level) # Safe subset of builtins for scripts SCRIPT_BUILTINS: di

Shell / Subprocess Execution

No shell execution patterns detected

Credential Harvesting score 2.5

Found 1 credential access pattern(s)

  • n("C:/Windows/System32/drivers/etc/hosts", "r") def test_allows_write_to_desktop(self) -> None:

Typosquatting

No typosquatting candidates detected

Registered Email Domain

No author email provided

Suspicious Page Links

All external links appear legitimate

Git Repository History score 2.5

Git history flags: Repository has zero stars and zero forks

  • Repository has zero stars and zero forks

Maintainer History score 2.0

1 maintainer concern(s) found

  • Author "Botond Ormandi" appears to have only 1 package on PyPI (new or inactive account)

Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with archicad-mcp

Create a Python-based mini-application that automates the process of exporting architectural models from Graphisoft Archicad using the 'archicad-mcp' package. This tool will streamline the workflow for architects and designers by allowing them to export their models directly from Archicad into various formats like IFC, DWG, or PDF without needing to manually go through Archicad's interface.

The application should have the following core functionalities:
1. Connect to the running instance of Archicad via the MCP server provided by 'archicad-mcp'.
2. Allow users to select the model they want to export.
3. Provide options to choose the format of the exported file (IFC, DWG, PDF).
4. Enable users to specify the path where the exported files should be saved.
5. Handle errors gracefully, such as when Archicad is not running or the selected model cannot be found.
6. Include a simple GUI built with Tkinter or a similar library to make the tool user-friendly.
7. Implement logging to record actions performed and any issues encountered during execution.

In addition to these core functionalities, consider adding the following optional features to enhance the application:
- Support for batch processing, allowing multiple models to be exported at once.
- Integration with cloud storage services like AWS S3 for direct uploading of exported files.
- A feature to automatically send emails with the download link of the exported files to specified recipients.
- Customizable settings for export options, such as resolution for PDF exports or specific IFC schema versions.

The 'archicad-mcp' package will be used primarily to establish a connection between the application and Archicad, sending commands to export models based on user input, and handling responses from Archicad. Ensure that the application is robust, well-documented, and easy to use for non-technical users.
