Package Metadata

Author: —
Email: ThomasAquinas14 <[email protected]>
PyPI: actionguard
Python: >=3.10
Versions: 3 releases
First release: 01 Jun 2026, 18:28 UTC
Analysed: 06 Jun 2026, 02:09 UTC
Source files: 21 .py files scanned

Project Links

Classifiers

Development Status :: 3 - AlphaIntended Audience :: DevelopersLicense :: OSI Approved :: MIT LicenseProgramming Language :: Python :: 3Programming Language :: Python :: 3.10Programming Language :: Python :: 3.11Programming Language :: Python :: 3.12Programming Language :: Python :: 3.13Topic :: Software Development :: Libraries :: Python ModulesTyping :: Typed

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package shows moderate risks due to potential credential exposure and a newly established repository with limited maintainer information, raising concerns about its legitimacy.

Potential for environmental variable misuse leading to credential harvesting.
Repository was recently created with limited maintainer information.

Per-check LLM notes

Network: No network calls detected, which is normal unless the package requires internet access for functionality.
Shell: No shell execution detected, reducing likelihood of executing system commands without user consent.
Obfuscation: No obfuscation patterns detected.
Credentials: The code snippet indicates potential for environmental variable usage for a webhook URL, which could be legitimate but also a risk for credential harvesting depending on the context and implementation.
Metadata: The repository was created recently and the maintainer has limited information, raising some suspicion.

🔬 Heuristic Checks

✓ Outbound Network Calls

No suspicious network call patterns found

✓ Code Obfuscation

No obfuscation patterns detected

✓ Shell / Subprocess Execution

No shell execution patterns detected

⚠ Credential Harvesting score 2.5

Found 1 credential access pattern(s)

json['text']}\n") webhook = os.environ.get("SLACK_WEBHOOK_URL") channel = SlackChannel( webhook or "https:

✓ Typosquatting

No typosquatting candidates detected

✓ Registered Email Domain

Email domain looks legitimate: gmail.com>

✓ Suspicious Page Links

All external links appear legitimate

⚠ Git Repository History score 2.5

Git history flags: Repository created very recently: 4 day(s) ago (2026-06-01T17:58:32Z)

Repository created very recently: 4 day(s) ago (2026-06-01T17:58:32Z)

⚠ Maintainer History score 4.0

2 maintainer concern(s) found

Author name is missing or very short
Author "" appears to have only 1 package on PyPI (new or inactive account)

✓ Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with actionguard

Create a mini-application called 'SafeChainGuard' that leverages the 'actionguard' package to ensure safe and controlled execution of LangChain agents. This application will monitor the behavior of a pre-defined LangChain agent and intercept any actions deemed risky, such as attempting to delete files or send emails without explicit permission. Users should be able to configure which actions are considered risky and set up a notification system to alert them when such actions are detected. Additionally, the application should provide a simple UI where users can approve or deny these actions. The core functionality involves setting up an actionguard instance, defining risky actions, and integrating it with the LangChain agent. The goal is to demonstrate how 'actionguard' can enhance security and control in automated workflows involving AI-driven agents.