This module is not obviously containing intentionally hidden malware in itself (no obfuscation or hardcoded exfiltration), but it provides powerful primitives that make it high risk in a supply-chain context. The primary risks are arbitrary shell execution (subprocess.Popen with shell=True on external data) and unsanitized file writes (append to arbitrary paths). Combined with opaque external agents that produce steps and may perform network I/O, this creates a moderate-to-high security risk: an attacker who can influence step data, agent outputs, or stdin can execute commands, modify files, and potentially exfiltrate data. Strong mitigation (whitelisting allowed commands, validating file paths to restrict writes within repo, running with least privilege, auditing agent communications) is required before trusting this code in production.
Live on pypi for 5 days, 4 hours and 35 minutes before removal. Socket users were protected even while the package was live.