atomicmemory-hermes

v0.1.17 suspicious
6.0
Medium Risk

AtomicMemory native Hermes memory provider.

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package shows significant obfuscation and shell execution risks, indicating possible attempts to conceal its true purpose or behavior. While no direct evidence of malicious activities was found, the overall pattern raises concerns about potential supply-chain attacks.

  • Unusual obfuscation patterns
  • Detection of shell execution
Per-check LLM notes
  • Network: No network calls detected, which is normal and not suspicious.
  • Shell: Detection of shell execution suggests the package may install dependencies or perform setup tasks, but further investigation is needed to confirm legitimacy.
  • Obfuscation: The obfuscation pattern is unusual and may indicate an attempt to hide code behavior, raising suspicion.
  • Credentials: No clear signs of credential harvesting detected, but further investigation is recommended.
  • Metadata: Suspicious non-HTTPS link and low maintainer activity suggest potential risk.

📦 Package Quality Overall: Medium (5.8/10)

✦ High Test Suite 9.0

Test suite present — 7 test file(s) found

  • 7 test file(s) detected (e.g. test_breaker.py)
◈ Medium Documentation 7.0

Some documentation present

  • Documentation URL: "Documentation" -> https://docs.atomicstrata.ai/integrations/coding-agents/herm
  • Detailed PyPI description (6387 chars)
○ Low Contributing Guide 2.0

No contributing guide or governance files found

  • No CONTRIBUTING, CODE_OF_CONDUCT, or governance files found
◈ Medium Type Annotations 5.0

Partial type annotation coverage

  • 94 type-annotated function signatures detected in source
◈ Medium Multiple Contributors 6.0

Limited contributor diversity

  • 2 unique contributor(s) across 32 commits in atomicstrata/atomicmemory
  • Two distinct contributors found

🔬 Heuristic Checks

Outbound Network Calls

No suspicious network call patterns found

Code Obfuscation score 2.0

Found 1 obfuscation pattern(s)

  • ={"HERMES_HOME": tmp, "PATH": __import__("os").environ.get("PATH", "")}, ) expecte
Shell / Subprocess Execution score 4.0

Found 2 shell execution pattern(s)

  • cmemory" result = subprocess.run( ["node", str(PLUGIN_ROOT / "install.mjs"),
  • as tmp: result = subprocess.run( ["node", str(PLUGIN_ROOT / "install.mjs"),
Credential Harvesting

No credential harvesting patterns detected

Typosquatting

No typosquatting candidates detected

Registered Email Domain

No author email provided

Suspicious Page Links score 2.0

Found 1 suspicious link(s) on the package page

  • Non-HTTPS external link: http://127.0.0.1:17350
Git Repository History

Repository atomicstrata/atomicmemory appears legitimate

Maintainer History score 4.0

2 maintainer concern(s) found

  • Author "Atomic Strata" appears to have only 1 package on PyPI (new or inactive account)
  • Package has no PyPI classifiers (low effort / metadata quality)
Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with atomicmemory-hermes 
Create a real-time data synchronization tool named 'SyncPulse' using Python and the 'atomicmemory-hermes' package. This tool will allow users to synchronize data across multiple devices in real-time, ensuring consistency and integrity of the data. Here are the steps and features you need to implement:

1. **Setup Environment**: Ensure your development environment has Python installed, along with the 'atomicmemory-hermes' package. You may also need to install other necessary libraries such as Flask for the web server and any additional tools for real-time communication like SocketIO.

2. **Design Data Model**: Define the structure of the data that will be synchronized. Consider simple key-value pairs or more complex objects that include nested structures. Use 'atomicmemory-hermes' to manage these data structures efficiently, ensuring that updates are atomic and consistent.

3. **Implement Real-Time Synchronization**: Develop a mechanism where changes made on one device are instantly reflected on all connected devices. Use WebSocket technology via Flask-SocketIO to facilitate real-time communication between clients and the server.

4. **Data Consistency Check**: Implement a feature that checks for data consistency across all devices periodically. If inconsistencies are detected, use 'atomicmemory-hermes' to resolve them by applying the latest version of the data from a trusted source.

5. **User Interface**: Create a simple user interface using HTML, CSS, and JavaScript that allows users to view and modify the synchronized data. Ensure the UI is responsive and intuitive.

6. **Security Measures**: Incorporate basic security measures such as user authentication and authorization to ensure only authorized users can access and modify the data.

7. **Testing and Documentation**: Thoroughly test the application to ensure it works as expected under various conditions. Write clear documentation explaining how to set up and use SyncPulse, including how to integrate it into existing systems.

In this project, the 'atomicmemory-hermes' package will be crucial for managing the synchronization process. It ensures that data updates are handled atomically, meaning that either all parts of the update are applied or none at all, preventing partial updates which could lead to data corruption. Additionally, it provides mechanisms for checking and resolving conflicts when multiple users attempt to modify the same data simultaneously.

💬 Discussion Feed

Leave a comment

No discussion yet. Be the first to share your thoughts!