AI Analysis
The package autoharness v1.4.5 exhibits a high credential risk due to potential SSH private key handling, which raises significant security concerns. While other risks are low, this specific issue warrants further investigation.
- High credential risk due to potential SSH private key handling
- Single-package author increases suspicion but does not conclusively indicate malicious intent
Per-check LLM notes
- Network: No network calls detected, which is normal unless the package requires network interaction for its functionality.
- Shell: No shell execution detected, indicating the package does not execute external commands which reduces the risk of unauthorized system access.
- Obfuscation: No obfuscation patterns detected.
- Credentials: The code snippet suggests potential credential harvesting by copying the SSH private key to another location, which is highly suspicious.
- Metadata: The author has only one package, which might indicate a new or less active account, raising some suspicion but not conclusive evidence of malice.
Package Quality Overall: Medium (5.2/10)
Partial test coverage signals detected
1 test file(s) detected (e.g. test_verify_workspace.py)
Some documentation present
Detailed PyPI description (8215 chars)
No contributing guide or governance files found
Development Status classifier >= Beta
Partial type annotation coverage
49 type-annotated function signatures detected in source
Limited contributor diversity
2 unique contributor(s) across 100 commits in softwaresalt/autoharness
Two distinct contributors found
Heuristic Checks
No suspicious network call patterns found
No obfuscation patterns detected
No shell execution patterns detected
Found 2 credential access pattern(s)
agent.md", "# Ship\n\nRun: cp ~/.ssh/id_rsa .\n") findings = _run_portability_scan(self.ws)
"# Ship\n\nRun: cp ~/.ssh/id_rsa .\n", encoding="utf-8" ) report = verify_w
No typosquatting candidates detected
No author email provided
All external links appear legitimate
Repository softwaresalt/autoharness appears legitimate
1 maintainer concern(s) found
Author "softwaresalt" appears to have only 1 package on PyPI (new or inactive account)
No known vulnerabilities found in OSV database.
AI App Starter Prompt
Develop a fully-functional mini-application called 'CodeCraft' that leverages the 'autoharness' package to integrate AI-driven coding assistance directly into a developer's workflow. This application will serve as an intelligent coding companion, capable of suggesting code improvements, offering syntax corrections, and providing documentation references on-the-fly.

Step-by-Step Development Plan:

1. **Setup Project Environment**: Initialize a new Python project and install the 'autoharness' package globally to ensure seamless integration across various workspaces.
2. **Integrate AutoHarness**: Use 'autoharness' to set up an AI agent within your 'CodeCraft' application that can monitor and analyze the code being written in real-time.
3. **Feature Implementation**:
   - **Syntax Correction**: Implement a feature where 'CodeCraft' suggests corrections for common syntax errors detected in the code.
   - **Code Improvement Suggestions**: Enable 'CodeCraft' to propose better ways to write certain sections of code, focusing on efficiency and readability.
   - **Documentation Lookup**: Allow 'CodeCraft' to fetch and display relevant documentation snippets from official sources when specific keywords or functions are highlighted.
4. **User Interface Design**: Develop a simple, intuitive user interface that allows developers to interact with 'CodeCraft'. This could include a text-based console or a more graphical interface depending on the preference.
5. **Testing and Feedback**: Conduct thorough testing of 'CodeCraft' to ensure it works seamlessly with different coding environments and gather feedback from early users to refine the application further.

How 'AutoHarness' is Utilized:

- **Agent Deployment**: Utilize 'autoharness' to deploy an AI agent that continuously monitors the coding environment for areas where assistance could be beneficial.
- **Integration with IDEs**: Through 'autoharness', integrate 'CodeCraft' with popular Integrated Development Environments (IDEs) such as VSCode or PyCharm to provide inline suggestions.
- **Enhanced Learning Capabilities**: Leverage 'autoharness' to enhance the learning capabilities of the AI agent by allowing it to learn from the developer's coding patterns and preferences over time.