ask-human

v0.3.2 suspicious
4.0
Medium Risk

MCP server that lets AI agents ask the user for input via Telegram or a GUI dialog and wait for the answer.

πŸ€– AI Analysis

Final verdict: SUSPICIOUS

The package 'ask-human' has low risks associated with obfuscation and credential harvesting, but its metadata suggests potential concerns due to newness and lack of detailed author information.

  • Low obfuscation risk (1/10)
  • Low credential risk (1/10)
  • Metadata risk due to new upload and incomplete author details (5/10)
Per-check LLM notes
  • Obfuscation: No obfuscation patterns detected, indicating low risk.
  • Credentials: No credential harvesting patterns detected, indicating low risk.
  • Metadata: The package is newly uploaded with minimal engagement and incomplete author information, raising some suspicion but not conclusive evidence of malice.

πŸ“¦ Package Quality Overall: Medium (6.2/10)

✦ High Test Suite 9.0

Test suite present β€” 16 test file(s) found

  • Test runner config found: conftest.py
  • Test runner config found: pyproject.toml
  • 16 test file(s) detected (e.g. __init__.py)
β—ˆ Medium Documentation 5.0

Some documentation present

  • Detailed PyPI description (19815 chars)
β—‹ Low Contributing Guide 2.0

No contributing guide or governance files found

  • No CONTRIBUTING, CODE_OF_CONDUCT, or governance files found
β—ˆ Medium Type Annotations 7.0

Partial type annotation coverage

  • Type checker (mypy / pyright / pytype) referenced in project
  • 99 type-annotated function signatures detected in source
✦ High Multiple Contributors 8.0

Active multi-contributor project

  • 3 unique contributor(s) across 41 commits in alexchexes/ask-human
  • Small but multi-author team (3–4 contributors)

πŸ”¬ Heuristic Checks

⚠ Outbound Network Calls score 6.0

Found 4 network call pattern(s)

  • else {} request_obj = urllib.request.Request( request_url, data=request_d
  • try: with urllib.request.urlopen(request_obj, timeout=timeout) as response:
  • try: with urllib.request.urlopen(file_url, timeout=60) as response: w
  • utf-8") request_obj = urllib.request.Request( request_url, data=request_d
βœ“ Code Obfuscation

No obfuscation patterns detected

⚠ Shell / Subprocess Execution score 8.0

Found 4 shell execution pattern(s)

  • ignore[attr-defined] subprocess.Popen( command, stdin=subprocess.DEVNULL,
  • ythonpath ) result = subprocess.run( [sys.executable, "-m", "ask_human", "--help"],
  • as a module.""" result = subprocess.run( [sys.executable, "-m", "ask_human", "--help"],
  • """ try: result = subprocess.run(["ask-human", "--help"], capture_output=True, text=True)
βœ“ Credential Harvesting

No credential harvesting patterns detected

βœ“ Typosquatting

No typosquatting candidates detected

βœ“ Registered Email Domain

Email domain looks legitimate: gmail.com>

βœ“ Suspicious Page Links

All external links appear legitimate

⚠ Git Repository History score 2.5

Git history flags: Repository has zero stars and zero forks

  • Repository has zero stars and zero forks
⚠ Maintainer History score 6.0

3 maintainer concern(s) found

  • Package is very new: uploaded 3 day(s) ago
  • Author name is missing or very short
  • Author "" appears to have only 1 package on PyPI (new or inactive account)
βœ“ Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

πŸ’‘ AI App Starter Prompt

Use this prompt to build a project with ask-human 
Create a personalized task management mini-app using the 'ask-human' package in Python. This app will allow users to create, manage, and prioritize tasks through a simple Telegram bot interface. The app will leverage the 'ask-human' package to interact directly with the user for task-related information such as task names, due dates, priorities, and completion status. Here’s a step-by-step guide on how to build this mini-app:

1. **Setup Project Environment**: Start by setting up a new Python environment and install necessary packages including 'ask-human', 'python-telegram-bot', and any other dependencies.
2. **Configure Telegram Bot**: Use the Telegram Bot API to create a bot that interacts with users. Integrate the 'ask-human' package to handle user inputs for task details.
3. **Task Management Features**:
   - **Task Creation**: Allow users to add new tasks by sending commands to the bot. The 'ask-human' package will prompt users for task name, description, due date, and priority level.
   - **View Tasks**: Implement a command for users to view their current tasks. Display tasks based on their priority levels and due dates.
   - **Update Tasks**: Provide functionality for users to update task details, such as changing due dates or marking tasks as completed.
4. **Prioritization System**: Design a simple prioritization system where users can set the importance of each task. The 'ask-human' package will assist in gathering this information.
5. **User Interaction**: Ensure smooth interaction between the user and the bot. Use 'ask-human' to make sure all necessary user inputs are collected accurately and efficiently.
6. **Testing & Deployment**: Test your bot thoroughly to ensure all commands work as expected. Deploy the bot on a server to make it accessible to users via Telegram.
7. **Enhancements**: Consider adding additional features like reminders for upcoming deadlines or integration with a calendar app.

This project aims to demonstrate the practical use of the 'ask-human' package in building interactive applications that require direct user input.

πŸ’¬ Discussion Feed

Leave a comment

No discussion yet. Be the first to share your thoughts!