awaithumans

v0.1.10 suspicious
6.0
Medium Risk

HITL infrastructure for AI agents. Your agent calls await_human(), a human reviews via Slack/email/dashboard, agent resumes with a typed response.

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package exhibits significant risks related to shell execution and moderate risks associated with network and obfuscation techniques. While there are no definitive signs of malicious intent, the combination of these factors raises concerns about potential supply-chain attacks.

  • High shell risk indicating potential for arbitrary command execution
  • Moderate network risk suggesting possible data exfiltration
Per-check LLM notes
  • Network: The use of HTTP requests is common but could indicate data exfiltration if the endpoints are not trusted.
  • Shell: Executing shell commands can be risky as it allows arbitrary command execution, which might be exploited for malicious purposes.
  • Obfuscation: The code snippet shows base64 decoding which could be used for obfuscation but is also common in legitimate scenarios like handling encrypted data.
  • Credentials: No clear signs of credential harvesting detected.
  • Metadata: The maintainer has a new or inactive account and lacks detailed author information, raising some suspicion but not conclusive evidence of malice.

📦 Package Quality Overall: Medium (6.4/10)

◈ Medium Test Suite 6.0

Partial test coverage signals detected

  • Test runner config found: pyproject.toml
◈ Medium Documentation 7.0

Some documentation present

  • Documentation URL: "Documentation" -> https://awaithumans.dev/docs
  • Detailed PyPI description (7075 chars)
○ Low Contributing Guide 2.0

No contributing guide or governance files found

  • No CONTRIBUTING, CODE_OF_CONDUCT, or governance files found
◈ Medium Type Annotations 7.0

Partial type annotation coverage

  • Classifier: Typing :: Typed
  • 150 type-annotated function signatures detected in source
✦ High Multiple Contributors 10.0

Active multi-contributor project

  • 5 unique contributor(s) across 100 commits in awaithumans/awaithumans-human-in-the-loop-ai-agents
  • Active community — 5 or more distinct contributors

🔬 Heuristic Checks

Outbound Network Calls score 7.5

Found 5 network call pattern(s)

  • import httpx async with httpx.AsyncClient(timeout=SDK_CREATE_TIMEOUT_SECONDS) as client: creat
  • import httpx async with httpx.AsyncClient( timeout=POLL_INTERVAL_SECONDS + SDK_POLL_TIMEOUT_BU
  • import httpx async with httpx.AsyncClient(timeout=15.0) as client: res = await client.post(
  • ck_url, } async with httpx.AsyncClient(timeout=30) as client: resp = await client.post(
  • NDS``. """ async with httpx.AsyncClient(timeout=http_timeout_seconds) as client: resp = awai
Code Obfuscation score 2.0

Found 1 obfuscation pattern(s)

  • oad_session_id"], dek=base64.b64decode(data["dek_b64"]), fragments=fragments, expir
Shell / Subprocess Execution score 2.0

Found 1 shell execution pattern(s)

  • ] try: subprocess.run( # noqa: S603 — explicit args, fixed binary
Credential Harvesting

No credential harvesting patterns detected

Typosquatting

No typosquatting candidates detected

Registered Email Domain

Email domain looks legitimate: awaithumans.dev>

Suspicious Page Links

All external links appear legitimate

Git Repository History

Repository awaithumans/awaithumans-human-in-the-loop-ai-agents appears legitimate

Maintainer History score 4.0

2 maintainer concern(s) found

  • Author name is missing or very short
  • Author "" appears to have only 1 package on PyPI (new or inactive account)
Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with awaithumans 
Create a mini-application called 'Human-in-the-Loop Assistant' (HILA) that integrates the 'awaithumans' package to facilitate human intervention in AI-driven workflows. The application should enable users to submit tasks to an AI agent, which may require human approval or input at certain points. When such a need arises, the agent should pause its execution, send a notification to a designated human reviewer via Slack, and wait for a response before proceeding.

Key Features:
1. User Interface: Develop a simple web interface where users can log in and submit tasks to the AI agent.
2. Task Submission: Users should be able to upload files or provide text inputs as tasks for the AI agent to process.
3. Human Intervention: If the AI agent encounters a situation requiring human judgment, it should call the await_human() function from the 'awaithumans' package to pause and request human input.
4. Notification System: Implement a Slack-based notification system that alerts the human reviewer when their intervention is needed.
5. Response Handling: Once the human reviewer provides feedback through Slack, the AI agent should resume its operation using the received input.
6. Logging and History: Maintain a log of all tasks submitted, actions taken by the AI agent, and human interventions for audit and review purposes.
7. Dashboard: Create a dashboard for administrators to monitor ongoing tasks, view logs, and manage user accounts.

How to Utilize 'awaithumans':
- Integrate the 'awaithumans' package into your application to handle the workflow where the AI agent needs to pause and await human input.
- Use await_human() method to pause the AI's processing when a task requires human approval or decision-making.
- Configure the package to send notifications to a Slack channel or email address for human reviewers to respond to.
- Ensure that the application captures the human response and passes it back to the AI agent to continue its execution.

💬 Discussion Feed

Leave a comment

No discussion yet. Be the first to share your thoughts!