asqav-mcp

v0.3.7 suspicious
5.0
Medium Risk

MCP server for Asqav AI agent governance

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package has a moderate risk score due to potential network interactions and concerns over metadata quality and maintainer activity.

  • Network risk is present, suggesting possible interaction with external services.
  • Metadata quality and maintainer activity are poor, raising suspicion.
Per-check LLM notes
  • Network: The presence of network calls suggests the package may be designed to interact with external services, but further investigation is needed to confirm legitimacy.
  • Shell: No shell execution patterns detected, indicating low risk of direct system command execution.
  • Obfuscation: No obfuscation patterns detected, indicating low risk.
  • Credentials: No credential harvesting patterns detected, indicating low risk.
  • Metadata: The package shows signs of low maintainer activity and poor metadata quality, raising suspicion.

📦 Package Quality Overall: Low (4.4/10)

✦ High Test Suite 9.0

Test suite present — 6 test file(s) found

  • Test runner config found: pyproject.toml
  • 6 test file(s) detected (e.g. test_proxy_call_tool_integration.py)
◈ Medium Documentation 5.0

Some documentation present

  • Detailed PyPI description (15795 chars)
○ Low Contributing Guide 2.0

No contributing guide or governance files found

  • No CONTRIBUTING, CODE_OF_CONDUCT, or governance files found
◈ Medium Type Annotations 5.0

Partial type annotation coverage

  • 73 type-annotated function signatures detected in source
○ Low Multiple Contributors 1.0

Unable to verify contributor count: no GitHub repository found

  • No GitHub repository linked — contributor count unavailable

🔬 Heuristic Checks

Outbound Network Calls score 4.5

Found 3 network call pattern(s)

  • ication/json"} async with httpx.AsyncClient() as client: response = await client.request(
  • y: async with httpx.AsyncClient() as client: fwd = await client.post(
  • ication/json"} async with httpx.AsyncClient() as client: response = await client.post(
Code Obfuscation

No obfuscation patterns detected

Shell / Subprocess Execution

No shell execution patterns detected

Credential Harvesting

No credential harvesting patterns detected

Typosquatting

No typosquatting candidates detected

Registered Email Domain

No author email provided

Suspicious Page Links score 2.0

Found 1 suspicious link(s) on the package page

  • Non-HTTPS external link: http://sql-service/execute
Git Repository History

No GitHub repository linked

  • No GitHub repository link found
Maintainer History score 6.0

3 maintainer concern(s) found

  • Author name is missing or very short
  • Author "" appears to have only 1 package on PyPI (new or inactive account)
  • Package has no PyPI classifiers (low effort / metadata quality)
Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with asqav-mcp 
Develop a fully-functional mini-application called 'AsqavGuard' that serves as a management dashboard for the Asqav AI agents. This application will leverage the 'asqav-mcp' package to interact with and manage these AI agents effectively. Here are the key functionalities and steps to implement this project:

1. **Setup Environment**: Begin by setting up your development environment. Ensure you have Python installed along with the 'asqav-mcp' package.
2. **Core Functionality**: Utilize 'asqav-mcp' to establish a connection to the MCP server. This server acts as a central hub for managing all AI agents under Asqav governance.
3. **Agent Management Interface**: Create a user-friendly interface where users can view, add, modify, and delete AI agents registered with the MCP server. Each operation should reflect changes in real-time on the server.
4. **Monitoring and Analytics**: Implement a feature that allows users to monitor the performance of AI agents. This could include metrics like response time, error rates, and usage statistics.
5. **Security Features**: Incorporate security measures such as user authentication and authorization. Only authorized users should be able to perform certain actions like modifying or deleting AI agents.
6. **Documentation and Support**: Provide comprehensive documentation for both end-users and developers. Include examples of how to integrate 'AsqavGuard' into existing systems or workflows.

This project aims to demonstrate the power and flexibility of the 'asqav-mcp' package while providing a valuable tool for managing AI agents efficiently.

💬 Discussion Feed

Leave a comment

No discussion yet. Be the first to share your thoughts!