arr-mcp

v0.41.0 safe
4.0
Medium Risk

Arr Suite MCP Server for Agentic AI!

🤖 AI Analysis

Final verdict: SAFE

The package shows low risk in terms of network, shell, obfuscation, and credential handling. However, the metadata risk score is elevated due to missing maintainer information and a suspicious link.

  • Suspicious non-HTTPS link
  • Missing maintainer information
Per-check LLM notes
  • Network: The network calls appear to be standard HTTPS requests with session management, which is common and generally safe.
  • Shell: Executing shell commands like 'git ls-files' can be legitimate for version control operations within a package, but could also indicate more nefarious activities without additional context.
  • Obfuscation: No obfuscation patterns detected, indicating low risk.
  • Credentials: No credential harvesting patterns detected, indicating low risk.
  • Metadata: Suspicious non-HTTPS link and missing maintainer information suggest potential risks.

📦 Package Quality Overall: Medium (5.2/10)

✦ High Test Suite 9.0

Test suite present — 7 test file(s) found

  • Test runner config found: conftest.py
  • 7 test file(s) detected (e.g. conftest.py)
◈ Medium Documentation 5.0

Some documentation present

  • Detailed PyPI description (14702 chars)
○ Low Contributing Guide 4.0

No contributing guide or governance files found

  • Development Status classifier >= Beta
◈ Medium Type Annotations 7.0

Partial type annotation coverage

  • Type checker (mypy / pyright / pytype) referenced in project
  • 846 type-annotated function signatures detected in source
○ Low Multiple Contributors 1.0

Unable to verify contributor count: no GitHub repository found

  • No GitHub repository linked — contributor count unavailable

🔬 Heuristic Checks

Outbound Network Calls score 3.0

Found 2 network call pattern(s)

  • i_key self._session = requests.Session() self._session.verify = verify if not veri
  • token self._session = requests.Session() self._session.verify = verify if not veri
Code Obfuscation

No obfuscation patterns detected

Shell / Subprocess Execution score 2.0

Found 1 shell execution pattern(s)

  • h): try: result = subprocess.run( ["git", "ls-files", "--cached", "--others", "--
Credential Harvesting

No credential harvesting patterns detected

Typosquatting

No typosquatting candidates detected

Registered Email Domain

Email domain looks legitimate: example.com>

Suspicious Page Links score 2.0

Found 1 suspicious link(s) on the package page

  • Non-HTTPS external link: http://arr-mcp-mcp:8000/mcp
Git Repository History

No GitHub repository linked

  • No GitHub repository link found
Maintainer History score 4.0

2 maintainer concern(s) found

  • Author name is missing or very short
  • Author "" appears to have only 1 package on PyPI (new or inactive account)
Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with arr-mcp 
Build a simple Python application using the arr-mcp package to demonstrate its core features.