azathoth

v0.0.3 suspicious
7.0
High Risk

Azathoth: Dual-Protocol AI Intelligence Layer (MCP + A2A)

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package exhibits significant risks associated with network calls and shell command execution, indicating potential malicious behavior. Despite a low credential risk, the combination of high-risk factors suggests a possible supply-chain attack.

  • High network risk
  • High shell risk
Per-check LLM notes
  • Network: The network calls to external repositories may indicate unauthorized access or data exfiltration.
  • Shell: Executing shell commands can lead to arbitrary code execution, suggesting potential for malicious activities.
  • Obfuscation: The observed obfuscation patterns suggest potential malicious intent as they do not align with typical legitimate use cases.
  • Credentials: No clear signs of credential harvesting detected.
  • Metadata: The package shows low effort in metadata and authorship, which could indicate potential risk.

📦 Package Quality Overall: Medium (5.2/10)

✦ High Test Suite 9.0

Test suite present — 13 test file(s) found

  • Test runner config found: conftest.py
  • 13 test file(s) detected (e.g. conftest.py)
◈ Medium Documentation 5.0

Some documentation present

  • Detailed PyPI description (1789 chars)
○ Low Contributing Guide 2.0

No contributing guide or governance files found

  • No CONTRIBUTING, CODE_OF_CONDUCT, or governance files found
◈ Medium Type Annotations 5.0

Partial type annotation coverage

  • 112 type-annotated function signatures detected in source
◈ Medium Multiple Contributors 5.0

Limited contributor diversity

  • 1 unique contributor(s) across 77 commits in Yrrrrrf/azathoth
  • Single author but highly active (77 commits)

🔬 Heuristic Checks

Outbound Network Calls score 3.0

Found 2 network call pattern(s)

  • rname}/repos" async with httpx.AsyncClient() as client: resp = await client.get(api_url, params
  • try: async with httpx.AsyncClient(timeout=self._timeout) as client: resp = awa
Code Obfuscation score 2.0

Found 1 obfuscation pattern(s)

  • ders.{impl.stem}" __import__(module_name) from azathoth.providers.base import Provider, Prov
Shell / Subprocess Execution score 10.0

Found 6 shell execution pattern(s)

  • w-toplevel"] result = subprocess.run( cmd, cwd=path.parent, capture_output=True, text
  • -toplevel"] res = subprocess.run( cmd, cwd=p_target, capture_output=True, tex
  • plevel"] result = subprocess.run( cmd, cwd=target_path, capture_output=True,
  • w-toplevel"] result = subprocess.run( cmd, cwd=target_dir, capture_output=True, text=
  • "git_test" d.mkdir() subprocess.run(["git", "init"], cwd=d, check=True) subprocess.run(
  • nit"], cwd=d, check=True) subprocess.run( ["git", "config", "user.email", "[email protected]"],
Credential Harvesting

No credential harvesting patterns detected

Typosquatting

No typosquatting candidates detected

Registered Email Domain

Email domain looks legitimate: outlook.com>

Suspicious Page Links

All external links appear legitimate

Git Repository History

Repository Yrrrrrf/azathoth appears legitimate

Maintainer History score 6.0

3 maintainer concern(s) found

  • Author name is missing or very short
  • Author "" appears to have only 1 package on PyPI (new or inactive account)
  • Package has no PyPI classifiers (low effort / metadata quality)
Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with azathoth 
Create a versatile communication tool called 'AzComm' that leverages the 'azathoth' Python package to facilitate seamless interactions between different AI systems and human users. This application will serve as a dual-protocol interface, supporting both Machine Communication Protocol (MCP) and Agent-to-Agent (A2A) communication methods. Your task is to design and implement a user-friendly command-line interface (CLI) that allows users to interact with various AI services through simple commands. Additionally, the app should enable AI agents to communicate with each other using predefined protocols.

Key Features:
1. User Interaction: Allow users to send queries or commands to specific AI services (e.g., weather forecasting, news updates, etc.) via a CLI.
2. AI-AI Communication: Enable AI agents to exchange information or collaborate on tasks using the A2A protocol.
3. Flexible Protocols: Support both MCP and A2A protocols within the same application to ensure broad compatibility.
4. Logging and Monitoring: Implement logging functionality to track all communications for debugging and analysis purposes.
5. Security Measures: Incorporate basic security features to protect data integrity and privacy during transmission.

How to Utilize 'azathoth':
- Use the 'azathoth' package to establish connections between different AI systems and handle protocol-specific operations.
- Leverage the package's capabilities to encode and decode messages according to the selected protocol (MCP or A2A).
- Employ 'azathoth' for session management, ensuring secure and efficient communication channels are maintained throughout interactions.

Your goal is to create a fully functional mini-app that demonstrates the potential of the 'azathoth' package in facilitating complex AI communications while providing a practical utility for end-users.

💬 Discussion Feed

Leave a comment

No discussion yet. Be the first to share your thoughts!