machi

mcp
Security Audit
Failed
Health Passed
  • License — License: NOASSERTION
  • Description — Repository has a description
  • Active repo — Last push 0 days ago
  • Community trust — 288 GitHub stars
Code Failed
  • rm -rf — Recursive force deletion command in install.sh
  • network request — Outbound network request in install.sh
Permissions Passed
  • Permissions — No dangerous permissions requested
Purpose
Machi is a lightweight AI agent framework written in Rust, designed to help developers build and manage AI-driven applications and tools.

Security Assessment
The tool is written in Rust, which provides strong memory safety guarantees. However, the installation script raises some security concerns. It contains a `rm -rf` recursive force deletion command, which could be dangerous if it targets unintended directories. The script also makes outbound network requests, likely to download necessary dependencies or binaries. No hardcoded secrets were found, and the core application itself does not request inherently dangerous permissions. Overall risk is rated as Medium due to the destructive commands and network activity present in the installation process.

Quality Assessment
The project is actively maintained, with its most recent code push occurring just today. It has garnered 288 GitHub stars, indicating a decent level of community trust and adoption. However, there is a discrepancy regarding its licensing. The automated scan detected "NOASSERTION," while the README states it uses the Functional Source License (FSL-1.1-ALv2). This is a source-available license that restricts "competing use" for two years before converting to the standard open-source Apache 2.0 license. Developers should verify if this restriction aligns with their project's commercial goals.

Verdict
Use with caution: inspect the installation script for safe directory paths before running, and ensure the non-compete license restrictions fit your use case.
SUMMARY

A Web4.0-native AI Agent Framework.

README.md

Machi

A lightweight, ergonomic AI Agent Framework.

License

Licensed under the Functional Source License, Version 1.1, Apache-2.0 Future License (FSL-1.1-ALv2).

  • You can use, modify, and redistribute for any purpose except competing use.
  • Each version automatically converts to the Apache License, Version 2.0 two years after release.

Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in this project shall be licensed as above, without any additional terms or conditions.


A QNTX open-source project.

QNTX

Code is law. We write both.
