Package Metadata

Author: —
Email: Google LLC <[email protected]>
PyPI: a2a-sdk
Python: >=3.10
Versions: 55 releases
First release: 15 May 2025, 20:13 UTC
Analysed: 05 Jun 2026, 22:54 UTC
Source files: 62 .py files scanned

Project Links

changelog documentation homepage repository

Classifiers

Intended Audience :: DevelopersLicense :: OSI Approved :: Apache Software LicenseOperating System :: OS IndependentProgramming Language :: PythonProgramming Language :: Python :: 3Programming Language :: Python :: 3.10Programming Language :: Python :: 3.11Programming Language :: Python :: 3.12Programming Language :: Python :: 3.13Programming Language :: Python :: 3.14

🤖 AI Analysis

Final verdict: SAFE

The package shows some signs of potential obfuscation and has incomplete metadata, which raises minor concerns. However, there are no clear indicators of malicious activity, such as shell execution or credential harvesting.

moderate obfuscation risk
incomplete author metadata

Per-check LLM notes

Network: The use of httpx for network calls is common in many packages, especially those involving APIs or external services.
Shell: No shell execution patterns were detected.
Obfuscation: The usage of base64 decoding might indicate an attempt to obfuscate code, but it could also be a legitimate use for handling encoded data.
Credentials: No clear patterns indicative of credential harvesting were detected.
Metadata: The author information is incomplete and the account seems new or inactive, raising some suspicion but not definitive evidence of malice.

🔬 Heuristic Checks

⚠ Outbound Network Calls score 6.0

Found 4 network call pattern(s)

106 ) async with httpx.AsyncClient(timeout=30.0) as httpx_client: config.httpx_client =
figStore() httpx_client = httpx.AsyncClient() push_sender = BasePushNotificationSender( http
Any"})' ) async with httpx.AsyncClient() as httpx_client: resolver = A2ACardResolver(httpx_
ient = config.httpx_client or httpx.AsyncClient() httpx_client.headers.setdefault( VERSI

⚠ Code Obfuscation score 6.0

Found 3 obfuscation pattern(s)

art raw = base64.b64decode(part.text) inst.ParseFromString(raw)
try: raw = base64.b64decode(part.text) inst = instruction_pb2.Instructio
: core_part.raw = base64.b64decode(root.file.bytes) if root.file.mime_type:

✓ Shell / Subprocess Execution

No shell execution patterns detected

✓ Credential Harvesting

No credential harvesting patterns detected

✓ Typosquatting

No typosquatting candidates detected

✓ Registered Email Domain

Email domain looks legitimate: google.com>

✓ Suspicious Page Links

All external links appear legitimate

✓ Git Repository History

Repository a2aproject/a2a-python appears legitimate

⚠ Maintainer History score 4.0

2 maintainer concern(s) found

Author name is missing or very short
Author "" appears to have only 1 package on PyPI (new or inactive account)

✓ Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with a2a-sdk

Develop a fully functional mini-app using the 'a2a-sdk' Python package, which enables seamless integration with the A2A API for data exchange between different systems. This app will serve as a bridge between two separate databases, allowing users to synchronize data in real-time. Here’s a detailed breakdown of the project scope and requirements:

1. **Project Overview**: Create a real-time data synchronization tool that leverages the 'a2a-sdk' package to connect two distinct database systems (e.g., MySQL and PostgreSQL). The goal is to ensure that any changes made in one database are immediately reflected in the other.

2. **Core Features**:
   - **Data Synchronization**: Implement a mechanism that continuously monitors both databases for any changes (inserts, updates, deletes).
   - **Real-Time Updates**: Ensure that any modifications made in one database are propagated to the other within seconds.
   - **Error Handling**: Include robust error handling to manage any issues that may arise during the synchronization process, such as network failures or database errors.
   - **User Interface**: Develop a simple web-based interface where users can view the status of the synchronization process, including success rates and error logs.

3. **Utilizing 'a2a-sdk'**:
   - Use the 'a2a-sdk' package to establish connections with both databases and facilitate the transfer of data.
   - Leverage the package's features for efficient data processing and error management during the synchronization process.

4. **Development Steps**:
   - **Step 1**: Set up the development environment, including installing the 'a2a-sdk' package and configuring access to both databases.
   - **Step 2**: Design and implement the backend logic for monitoring and synchronizing data between the databases.
   - **Step 3**: Integrate the 'a2a-sdk' functionalities to handle data transfer and error management.
   - **Step 4**: Develop a user-friendly web interface using technologies like Flask or Django for displaying synchronization statuses and logs.
   - **Step 5**: Test the application thoroughly under various scenarios to ensure reliability and efficiency.

5. **Deliverables**:
   - A fully functional mini-app capable of real-time data synchronization between two databases.
   - Comprehensive documentation detailing the setup process, usage instructions, and troubleshooting tips.
   - Source code repository containing all project files and dependencies.