ari-mcp-py

v0.1.3 suspicious
4.0
Medium Risk

MCP server for ARI (Agentic Rate Indicators). Live fair-market-value lookups, leaderboards, and signed-receipt verification for x402/MPP services · usable from any MCP-aware agent (Claude Desktop, Cursor, Continue, Windsurf, Zed, ChatGPT desktop, Gemini CLI).

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package exhibits moderate risks due to its network interactions and metadata profile, though no concrete evidence of malicious activity was found.

  • moderate network risk
  • author with single package

Per-check LLM notes
  • Network: The package makes network calls which appear to be intended for legitimate API interactions, but further investigation is needed to ensure they are not being misused.
  • Shell: No shell execution patterns were detected, indicating a low risk of direct system command execution.
  • Obfuscation: The observed pattern is likely related to data validation and not indicative of malicious obfuscation.
  • Credentials: No patterns indicating credential harvesting were detected.
  • Metadata: The author has only one package, which might indicate a new or less active account, raising some suspicion but not conclusive evidence of malice.

📦 Package Quality Overall: Medium (5.6/10)

◈ Medium Test Suite 6.0

Partial test coverage signals detected

  • 2 test file(s) detected (e.g. test_canonical.py)

◈ Medium Documentation 7.0

Some documentation present

  • Documentation URL: "Documentation" -> https://agentrateindicators.com/docs/mcp
  • Detailed PyPI description (5389 chars)

○ Low Contributing Guide 2.0

No contributing guide or governance files found

  • No CONTRIBUTING, CODE_OF_CONDUCT, or governance files found

◈ Medium Type Annotations 5.0

Partial type annotation coverage

  • 36 type-annotated function signatures detected in source

✦ High Multiple Contributors 8.0

Active multi-contributor project

  • 3 unique contributor(s) across 8 commits in Antmanbuilds/ARI
  • Small but multi-author team (3–4 contributors)

🔬 Heuristic Checks

⚠ Outbound Network Calls score 3.0

Found 2 network call pattern(s)

  • BASE_URL try: r = httpx.post(f"{base.rstrip('/')}/api/v1/mcp/install-ping", json=body, ti
  • skip_pin self._http = httpx.Client(timeout=timeout, follow_redirects=True) if public_k

⚠ Code Obfuscation score 2.0

Found 1 obfuscation pattern(s)

  • try: sig_bytes = base64.b64decode(signature_b64, validate=True) except (ValueError, TypeEr

✓ Shell / Subprocess Execution

No shell execution patterns detected

✓ Credential Harvesting

No credential harvesting patterns detected

✓ Typosquatting

No typosquatting candidates detected

✓ Registered Email Domain

No author email provided

✓ Suspicious Page Links

All external links appear legitimate

✓ Git Repository History

Repository Antmanbuilds/ARI appears legitimate

⚠ Maintainer History score 2.0

1 maintainer concern(s) found

  • Author "Agentic Rate Indicators" appears to have only 1 package on PyPI (new or inactive account)

✓ Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with ari-mcp-py
Create a Python-based command-line tool that integrates with the 'ari-mcp-py' package to provide real-time financial data analysis and verification services for users interested in x402/MPP services. This tool will serve as a comprehensive utility for managing and verifying transactions within the specified service ecosystem. Here’s a detailed breakdown of the functionalities your tool should implement:

1. **Live Fair-Market Value Lookup**: Implement a feature where users can input specific identifiers (such as asset IDs) to fetch their current fair-market value directly from the MCP server through the 'ari-mcp-py' package. Ensure that this information is updated in real-time.

2. **Leaderboard Display**: Utilize the leaderboard functionality provided by 'ari-mcp-py' to display a top list of entities based on certain criteria such as total transaction volume or highest fair-market value. Users should be able to choose which criteria they want to view the leaderboard for.

3. **Signed Receipt Verification**: Include a module that allows users to upload a receipt (a digital file representing a transaction) and verify its authenticity using the signed-receipt verification capabilities of 'ari-mcp-py'. This will help ensure the integrity and legitimacy of transactions.

4. **User-Friendly Interface**: Design the tool with a clean and intuitive command-line interface (CLI) that guides users through each feature seamlessly. Provide clear instructions and error messages to enhance user experience.

5. **Configuration Management**: Allow users to configure their API keys and other necessary credentials securely through a configuration file or environment variables. Ensure that these settings are protected against unauthorized access.

6. **Documentation and Help**: Include thorough documentation and a built-in help system within the CLI to assist new users in understanding how to use each feature effectively.

The goal is to create a robust, secure, and user-friendly tool that leverages the powerful capabilities of 'ari-mcp-py' to provide valuable services for x402/MPP service users.
