aegis-ledger-sdk

v0.4.1 suspicious
5.0
Medium Risk

Tamper-evident execution ledger for AI agents. Log every tool call, decision, and error to a cryptographically verifiable audit trail.

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package shows moderate risk due to potential network and shell execution risks, despite standard use cases. Incomplete metadata adds concern about the package's legitimacy.

  • Moderate network and shell execution risks
  • Incomplete author metadata

Per-check LLM notes
  • Network: Network calls are likely for package updates and webhook notifications, which can be standard for SDKs but should be reviewed for legitimacy.
  • Shell: Shell execution is probably used for package management tasks like updating dependencies within the environment, but could also indicate risky behavior if not properly controlled.
  • Metadata: The author's information is incomplete and the account seems new or inactive, raising some suspicion but not conclusive evidence of malice.

🔬 Heuristic Checks

Outbound Network Calls score 9.0

Found 6 network call pattern(s)

  • urllib.request with urllib.request.urlopen( "https://pypi.org/pypi/aegis-ledger-sdk
  • ncode("utf-8") req = urllib.request.Request( self.endpoint, data=payload
  • try: with urllib.request.urlopen(req, timeout=30) as resp: if resp.st
  • try: resp = httpx.post(self._webhook_url, json=payload, timeout=10.0) r
  • try: resp = httpx.post(url, json={ "chat_id": self._chat_id,
  • tls: server = smtplib.SMTP(self._smtp_host, self._smtp_port, timeout=10)

Code Obfuscation score 10.0

Found 6 obfuscation pattern(s)

  • imported.""" try: __import__(module_name) return True except ImportError: return
  • s(): try: __import__(mod_name) detected.append((label, snippet)) excep
  • try: mod = __import__(mod_name) frameworks.append(fw_name)
  • ------------- _OID_SHA256 = b"\x06\x09\x60\x86\x48\x01\x65\x03\x04\x02\x01" _OID_SHA384 = b"\x06\x09\x60\x86\x48\x01\x65\x03\x04\x02\x
  • \x04\x02\x01" _OID_SHA384 = b"\x06\x09\x60\x86\x48\x01\x65\x03\x04\x02\x02" _OID_SHA512 = b"\x06\x09\x60\x86\x48\x01\x65\x03\x04\x02\x
  • \x04\x02\x02" _OID_SHA512 = b"\x06\x09\x60\x86\x48\x01\x65\x03\x04\x02\x03" _HASH_OIDS: dict[str, bytes] = { "sha256": _OID_SHA25

Shell / Subprocess Execution score 10.0

Found 5 shell execution pattern(s)

  • rint(" Updating...") subprocess.run( [sys.executable, "-m", "pip", "install", "--upg
  • alse) try: proc = subprocess.Popen( upstream_command, stdin=subprocess.
  • , failed try: r = subprocess.run(cmd, capture_output=True, text=True, timeout=timeout)
  • 0/6] Creating fresh venv...") subprocess.run([sys.executable, "-m", "venv", str(VENV_DIR)],
  • ck=True, capture_output=True) subprocess.run([PYTHON, "-m", "pip", "install", "-q", f"{WH

Credential Harvesting

No credential harvesting patterns detected

Typosquatting

No typosquatting candidates detected

Registered Email Domain

Email domain looks legitimate: aegis-ledger.com

Suspicious Page Links

All external links appear legitimate

Git Repository History

Repository VladislavRoss/aegis-ledger-sdk appears legitimate

Maintainer History score 4.0

2 maintainer concern(s) found

  • Author name is missing or very short
  • Author "" appears to have only 1 package on PyPI (new or inactive account)

Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with aegis-ledger-sdk
Develop a fully-functional mini-application called 'AI Audit Trail' that leverages the 'aegis-ledger-sdk' package to ensure the integrity and transparency of AI agent activities. This application will serve as a robust logging system for any AI-driven application, ensuring that every action taken by the AI, including tool calls, decisions, and errors, is recorded in a tamper-evident and cryptographically verifiable manner. The application should include the following features:

1. **User Interface**: A simple web-based interface where users can interact with the AI and view logs.
2. **Logging Mechanism**: Utilize the 'aegis-ledger-sdk' to log all actions performed by the AI, including inputs, outputs, decisions made, and any errors encountered during execution.
3. **Audit Trail Verification**: Implement functionality to verify the integrity of the audit trail using cryptographic methods provided by the 'aegis-ledger-sdk'.
4. **Search and Filter Logs**: Allow users to search through logs based on timestamps, types of actions, and specific keywords.
5. **Security Measures**: Ensure that all logged data is securely stored and accessed only by authorized users.
6. **Integration with Existing Systems**: Provide APIs for easy integration with other systems, allowing them to log their interactions with the AI.

The application should demonstrate the core capabilities of the 'aegis-ledger-sdk', showcasing its ability to maintain a secure, immutable record of AI activities. Additionally, it should highlight the importance of such a system in maintaining trust and accountability in AI-driven processes.