archytas

v2.0.0 suspicious
5.0
Medium Risk

A library for pairing LLM agents with tools so they perform open ended tasks

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package shows moderate risk due to the use of potentially unsafe practices like dynamic type string evaluation and accessing AWS credentials through environment variables. However, there are no direct signs of malicious intent or network/shell exploitation.

  • Eval usage with dynamic type strings
  • Access to AWS credentials via environment variables
Per-check LLM notes
  • Network: No network calls detected, which is normal unless the package requires internet access for its functionality.
  • Shell: No shell execution patterns detected, indicating no immediate signs of executing system commands.
  • Obfuscation: The use of eval with dynamically provided type strings is risky and suggests potential for code injection or obfuscation.
  • Credentials: Environmental variable access for AWS credentials could indicate proper use for an application requiring AWS services, but also poses a risk if not handled securely.
  • Metadata: Low risk, but the maintainer's lack of information and history suggests low effort or inactivity.

📦 Package Quality Overall: Low (4.6/10)

○ Low Test Suite 1.0

No test suite detected

  • No test files or test-runner configuration detected
◈ Medium Documentation 5.0

Some documentation present

  • Detailed PyPI description (2786 chars)
○ Low Contributing Guide 2.0

No contributing guide or governance files found

  • No CONTRIBUTING, CODE_OF_CONDUCT, or governance files found
◈ Medium Type Annotations 5.0

Partial type annotation coverage

  • 178 type-annotated function signatures detected in source
✦ High Multiple Contributors 10.0

Active multi-contributor project

  • 10 unique contributor(s) across 100 commits in jataware/archytas
  • Active community — 5 or more distinct contributors

🔬 Heuristic Checks

Outbound Network Calls

No suspicious network call patterns found

Code Obfuscation score 2.0

Found 1 obfuscation pattern(s)

  • fined it try: t = eval(type_str, globals) except Exception as e: raise
Shell / Subprocess Execution

No shell execution patterns detected

Credential Harvesting score 10.0

Found 5 credential access pattern(s)

  • self.aws_session_token = os.environ.get('AWS_SESSION_TOKEN', None) def initialize_model(self, **kwa
  • , **kwargs): region = os.environ.get('AWS_REGION', self.DEFAULT_REGION) max_tokens = None
  • 'service-quotas', region_name=os.environ.get("AWS_REGION", "us-east-1")) logging.info("BedrockMode
  • client('bedrock', region_name=os.environ.get("AWS_REGION", "us-east-1")) quota_service = boto3.cli
  • 'service-quotas', region_name=os.environ.get("AWS_REGION", "us-east-1")) except Exception as e:
Typosquatting

No typosquatting candidates detected

Registered Email Domain

Email domain looks legitimate: jataware.com>

Suspicious Page Links

All external links appear legitimate

Git Repository History

Repository jataware/archytas appears legitimate

Maintainer History score 6.0

3 maintainer concern(s) found

  • Author name is missing or very short
  • Author "" appears to have only 1 package on PyPI (new or inactive account)
  • Package has no PyPI classifiers (low effort / metadata quality)
Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with archytas 
Create a mini-application named 'TaskMaster' that leverages the 'archytas' Python package to pair an AI agent with various tools, enabling it to execute complex, open-ended tasks efficiently. The application should have a user-friendly interface where users can input their task requirements, and TaskMaster will delegate these tasks to appropriate tools or services, ensuring seamless execution and monitoring of progress.

Step-by-Step Instructions:
1. Set up a virtual environment for your project and install the required packages including 'archytas'.
2. Design the user interface using a web framework like Flask or Django. This interface should allow users to input their tasks and view the status of ongoing tasks.
3. Utilize the 'archytas' package to define different types of tasks and the tools required to complete them. For example, a task could be 'write a blog post', which would require tools like a text generation API and a grammar checker.
4. Implement a system within 'TaskMaster' that analyzes the user's input, selects the appropriate tools from the 'archytas' library, and delegates the task to these tools.
5. Monitor the progress of each task and provide updates to the user through the interface.
6. Integrate error handling to manage any issues that arise during task execution and provide feedback to the user.
7. Test the application thoroughly to ensure all functionalities work as expected.
8. Deploy the application on a cloud platform such as Heroku or AWS.

Suggested Features:
- User authentication and authorization to manage multiple users and their tasks.
- A dashboard showing the status of all tasks assigned to the user.
- Detailed logs for each task, including timestamps and tool usage.
- Notifications for task completion or failure.
- An API for integrating TaskMaster with other applications or services.

How 'archytas' is Utilized:
- Define tasks and the corresponding tools needed to complete them using the 'archytas' package.
- Use 'archytas' to pair the defined tasks with the appropriate tools dynamically based on user inputs.
- Leverage 'archytas' to monitor the interaction between the AI agent and the tools, ensuring efficient task execution.

💬 Discussion Feed

Leave a comment

No discussion yet. Be the first to share your thoughts!