archrails-mcp

v0.6.1: verdict suspicious, risk score 7.0 (High Risk)

ArchRails MCP — thin local CLI that proxies the cloud handler. The cloud runs the validators; the CLI ships only transport, auth, git-diff capture, and architect-mode YAML editing.

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package exhibits multiple concerning behaviors including high risks associated with shell execution, obfuscation techniques, and potential credential exposure, suggesting possible malicious intent. However, there is insufficient evidence to conclusively label it as malicious.

  • High shell risk indicating potential unauthorized system actions
  • Significant obfuscation techniques used in the code

Per-check LLM notes
  • Network: The package makes network calls which could potentially be used for data exfiltration or to communicate with external services.
  • Shell: The package executes shell commands which may indicate the ability to perform actions on the system, potentially leading to unauthorized operations.
  • Obfuscation: The use of __import__('sys').stderr and unusual string formatting suggests an attempt to obscure code logic.
  • Credentials: The presence of paths like '../../etc/passwd' indicates potential unauthorized access attempts to sensitive files.
  • Metadata: The maintainer has a new or inactive account and the package lacks PyPI classifiers, indicating low effort in maintaining it.

📦 Package Quality Overall: Low (4.4/10)

✦ Test Suite: High (9.0)

Test suite present — 20 test file(s) found

  • 20 test file(s) detected (e.g. test_attest_verify.py)

◈ Documentation: Medium (5.0)

Some documentation present

  • Detailed PyPI description (2653 chars)

○ Contributing Guide: Low (2.0)

No contributing guide or governance files found

  • No CONTRIBUTING, CODE_OF_CONDUCT, or governance files found

◈ Type Annotations: Medium (5.0)

Partial type annotation coverage

  • 129 type-annotated function signatures detected in source

○ Multiple Contributors: Low (1.0)

Unable to verify contributor count: no GitHub repository found

  • No GitHub repository linked — contributor count unavailable

🔬 Heuristic Checks

Outbound Network Calls (score 9.0)

Found 6 network call pattern(s); the scanner shows a truncated source fragment around each match:

  • tderr) try: req = urllib.request.Request(url, headers={"User-Agent": "archrails-mcp"})
  • archrails-mcp"}) with urllib.request.urlopen(req, timeout=30) as resp: return resp.re
  • True, exist_ok=True) with urllib.request.urlopen(url) as resp, open(dest, "wb") as f: shutil.
  • sums_text = "" with urllib.request.urlopen(shasums_url()) as resp: sums_text = resp.rea
  • tic, not a gate.""" req = urllib.request.Request( url, method="HEAD", headers
  • , ) try: with urllib.request.urlopen(req, timeout=timeout) as resp: return f"

Code Obfuscation (score 4.0)

Found 2 obfuscation pattern(s); both matches are `file=__import__("sys").stderr` arguments to print calls, i.e. messages routed to stderr without a top-level `import sys`:

  • {repo_url}", file=__import__("sys").stderr, ) else: repo_url = git_remote.r
  • d key.", file=__import__("sys").stderr, ) manifest = _fetch_manifest(creds,

Shell / Subprocess Execution (score 10.0)

Found 6 shell execution pattern(s); the scanner shows a truncated source fragment around each match:

  • =sys.stderr, ) proc = subprocess.run(cmd) if proc.returncode != 0: return proc.return
  • @{version}", ] proc = subprocess.run(cmd, capture_output=True, text=True) if proc.returncode
  • binary can run. verify = subprocess.run([str(CALM_LOCAL_BIN), "--version"], capture_output=True, tex
  • e user's terminal. proc = subprocess.run([binary] + argv) return proc.returncode """archrails ch
  • r]: try: result = subprocess.run( cmd, cwd=str(repo_path),
  • """ try: result = subprocess.run( ["git", "remote", "get-url", "origin"],

Credential Harvesting (score 10.0)

Found 5 credential access pattern(s). As the fragments show, the first three matches are a docstring, a test assertion and a code comment requiring that an output_path of '../../etc/passwd' be refused (the package's own path-traversal checks), the fourth compares a config file's trust model to `~/.aws/credentials`, and the fifth reads an API key from hidden terminal input via getpass:

  • Defensive: output_path: '../../etc/passwd' MUST be refused. The tool runs in the agent's local pr
  • .run(tmp_path, output_path="../etc/passwd") assert out["outcome"] == "refused" assert "escape
  • malicious `output_path: "../../etc/passwd"` could # write outside the customer's repo. The tool r
  • 's the same trust shape as `~/.aws/credentials`. Schema (versioned so we can evolve it without breaking i
  • derr) try: key = getpass.getpass("Paste API key (input hidden): ").strip() except (Keyboa

Typosquatting

No typosquatting candidates detected

Registered Email Domain

No author email provided

Suspicious Page Links

All external links appear legitimate

Git Repository History

No GitHub repository linked

  • No GitHub repository link found

Maintainer History (score 4.0)

2 maintainer concern(s) found

  • Author "ArchRails" appears to have only 1 package on PyPI (new or inactive account)
  • Package has no PyPI classifiers (low effort / metadata quality)

Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with archrails-mcp:

Create a mini-application called 'CodeGuard' that leverages the 'archrails-mcp' package to ensure code quality and compliance within a development team. This tool will serve as a pre-commit hook for Git, automatically validating each commit against predefined rules before allowing it to be committed to the repository.

### Features:
1. **Pre-Commit Validation**: Automatically run validation checks on code changes before committing them to the repository.
2. **Rule Configuration**: Allow users to configure validation rules via a YAML file stored in the repository.
3. **Cloud-Based Validation**: Utilize the 'archrails-mcp' package to proxy validation requests to a cloud-based service, ensuring that only lightweight transport, authentication, and diff capture logic are handled locally.
4. **Architect Mode Editing**: Provide an option to directly edit the validation rules using the 'architect-mode' feature of 'archrails-mcp', making it easier for non-technical users to manage rules.
5. **Detailed Reports**: Generate comprehensive reports on validation results, highlighting any issues found and suggesting fixes.
6. **Customizable Notifications**: Allow users to set up notifications (e.g., via email or Slack) when validation fails or passes.

### How 'archrails-mcp' is Utilized:
- Use 'archrails-mcp' to establish a secure connection between the local environment and the cloud-based validation service.
- Leverage the 'git-diff capture' capability to send only the relevant code changes to the cloud for validation.
- Implement the 'auth' functionality provided by 'archrails-mcp' to authenticate requests and ensure data integrity.
- Employ the 'transport' layer to efficiently transfer data between the local machine and the cloud service.
- Use the 'architect-mode YAML editing' feature to allow users to easily modify the validation rules without needing to understand complex configurations.
