aegis-governance

v1.2.0 suspicious
5.0
Medium Risk

Quantitative AI governance — works immediately, no signup required. 10 free evaluations/day.

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package exhibits moderate risk due to its use of shell commands and obfuscation techniques, which could be exploited for malicious purposes. However, the lack of clear credential risk and sparse metadata suggests it may not be outright malicious.

  • Shell risk 7/10
  • Obfuscation risk 5/10
  • Sparse maintainer information

Per-check LLM notes
  • Network: The network calls appear to be standard HTTP requests and might be used for legitimate API interactions, but without context, they could indicate potential data exfiltration.
  • Shell: Executing shell commands like 'alembic' can be part of database migration processes, but it also poses risks if misused, potentially allowing unauthorized access or command execution.
  • Obfuscation: The usage of base64 decoding with exception handling is common but may indicate obfuscation techniques depending on context and surrounding code.
  • Credentials: No clear patterns indicative of credential harvesting were detected.
  • Metadata: The package has no associated GitHub repository and the maintainer's information is sparse, indicating potential low activity or newness which raises some suspicion.

🔬 Heuristic Checks

Outbound Network Calls score 9.0

Found 6 network call pattern(s)

  • ent() self._client = httpx.Client( base_url=self._base_url, timeout=ti
  • ent() self._client = httpx.AsyncClient( base_url=self._base_url, timeout=ti
  • client._transport._client = httpx.Client( transport=mock_transport, base_url=_BASE_URL )
  • client._transport._client = httpx.AsyncClient( transport=mock_transport, base_url=_BASE_URL )
  • client._transport._client = httpx.Client( transport=mock_transport, base_url="https:/
  • client._transport._client = httpx.AsyncClient( transport=transport, base_url="http

Code Obfuscation score 10.0

Found 6 obfuscation pattern(s)

  • try: payload_bytes = base64.b64decode(envelope.payload, validate=True) except Exception:
  • try: ed_sig_bytes = base64.b64decode(ed_sig_entry.sig, validate=True) except Exception:
  • try: ml_sig_bytes = base64.b64decode(ml_sig_entry.sig, validate=True) except Exception:
  • whitespace decoded = base64.b64decode(env.payload) as_dict = json.loads(decoded) n
  • bad_ed_sig_bytes = bytearray(base64.b64decode(ed_entry.sig)) bad_ed_sig_bytes[0] ^= 0x01 b
  • bad_ml_sig_bytes = bytearray(base64.b64decode(ml_entry.sig)) bad_ml_sig_bytes[0] ^= 0x01 b

Shell / Subprocess Execution score 2.0

Found 1 shell execution pattern(s)

  • b_url, **live_keys} res = subprocess.run( ["alembic", "-c", str(alembic_ini), "upgrade", "hea

Credential Harvesting

No credential harvesting patterns detected

Typosquatting

No typosquatting candidates detected

Registered Email Domain

Email domain looks legitimate: undercurrentholdings.com

Suspicious Page Links

All external links appear legitimate

Git Repository History

No GitHub repository linked

  • No GitHub repository link found

Maintainer History score 4.0

2 maintainer concern(s) found

  • Author name is missing or very short
  • Author "" appears to have only 1 package on PyPI (new or inactive account)

Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with aegis-governance
Create a mini-application that evaluates the ethical and regulatory compliance of a given dataset using the 'aegis-governance' Python package. This tool will serve as a preliminary check for data scientists and researchers before they begin their analysis, ensuring that the datasets they work with adhere to ethical standards and legal regulations.

Step 1: Setup the Environment
- Install Python and necessary libraries including 'aegis-governance'.
- Ensure you have at least 10 free evaluations per day for testing purposes.

Step 2: Design the User Interface
- Develop a simple command-line interface (CLI) or a basic web frontend using Flask/Django.
- The interface should allow users to upload a CSV file or input a URL where the dataset is hosted.

Step 3: Implement Dataset Evaluation
- Utilize 'aegis-governance' to analyze the uploaded dataset for potential ethical and regulatory issues.
- Display the results in a user-friendly format, highlighting any significant findings or areas of concern.

Suggested Features:
- Detailed report generation summarizing the evaluation findings.
- Option to save reports for future reference.
- Integration with common data formats like CSV, Excel, and JSON.
- Ability to filter results based on specific criteria (e.g., privacy concerns, bias).

How to Use 'aegis-governance':
- Import the package and use its functions to load and evaluate the dataset.
- Interpret the output provided by the package to generate meaningful insights and recommendations for the user.