AI Analysis
Final verdict: SUSPICIOUS
The package shows moderate risks due to potential obfuscation and shell execution, though it does not clearly indicate malicious intent. Further investigation is required.
- Obfuscation risk of 7/10
- Shell risk of 5/10
Per-check LLM notes
- Network: The network calls appear to be for making HTTP requests which could be part of the package's functionality, but without context, there is some risk of unintended data transfer.
- Shell: Subprocess calls like git diff might be legitimate for version control operations, but they could also indicate the package executes arbitrary commands, posing a risk if not properly controlled.
- Obfuscation: The regex pattern matches shell execution commands which could indicate an attempt to hide or obfuscate command execution.
- Credentials: No clear patterns indicating credential harvesting were detected.
- Metadata: The author has only one package, indicating a new or less active account which may warrant further investigation.
Heuristic Checks
Outbound Network Calls
score 7.5
Found 5 network call pattern(s)
- try: req = urllib.request.Request( url, data=json.dumps(payloa
- POST", ) with urllib.request.urlopen(req, timeout=timeout) as resp: return js
- "2023-06-01", } req = urllib.request.Request(url, headers=headers, method="GET") try:
- ="GET") try: with urllib.request.urlopen(req, timeout=_TIMEOUT_SECONDS) as resp:
- earer {key}", } req = urllib.request.Request(url, headers=headers, method="GET") try:
Code Obfuscation
score 4.0
Found 2 obfuscation pattern(s)
- _SHELL_DIRECTIVE_RE = re.compile( r"sh\s+-c\s|bash\s+-c\s|" r"`[^`]+`|" r"\bos\.system\s*\(|" r"\bsubprocess\b|" r"\bexec\s*\(|" r"\beval\s*\(|" r"\brm\s+-rf\b", re.IGNO
- try: module = __import__( f"agent_audit_kit.scanners.{module_name}", fromlist=["scan"], ) except ImportError as exc: if strict_lo
Shell / Subprocess Execution
score 4.0
Found 2 shell execution pattern(s)
- try: proc = subprocess.run( [ gh_bin, # type: igno
- """ try: result = subprocess.run( ["git", "diff", "--name-only", base_ref],
Credential Harvesting
No credential harvesting patterns detected
Typosquatting
No typosquatting candidates detected
Registered Email Domain
No author email provided
Suspicious Page Links
All external links appear legitimate
Git Repository History
Repository sattyamjjain/agent-audit-kit appears legitimate
Maintainer History
score 2.0
1 maintainer concern(s) found
Author "AgentAuditKit Contributors" appears to have only 1 package on PyPI (new or inactive account)
Known CVE Vulnerabilities
No known vulnerabilities found in OSV database.
AI App Starter Prompt
Use this prompt to build a project with agent-audit-kit
Create a comprehensive security auditing tool named 'AgentGuard' using the Python package 'agent-audit-kit'. This tool will be designed to help developers and DevOps teams ensure the security of their AI agent pipelines connected to the MCP (Machine Control Platform). Here's a step-by-step guide on how to build this tool:
1. **Setup Environment**: Start by setting up a virtual environment and installing the 'agent-audit-kit' package. Also, include any other necessary libraries such as Flask for web framework support.
2. **Define Audit Scenarios**: Use 'agent-audit-kit' to define various audit scenarios tailored to common security risks associated with AI agent pipelines. These could include data leakage, unauthorized access, and improper configuration.
3. **Integration with MCP**: Implement functionality within 'AgentGuard' that allows it to connect seamlessly with the MCP, fetching details about the AI agents and their pipelines.
4. **Audit Execution**: Develop a feature that automatically runs these audit scenarios against the fetched pipeline data. This should provide real-time feedback on potential security vulnerabilities.
5. **Reporting Mechanism**: Create a reporting module that generates detailed reports on the findings from the audits. These reports should highlight critical issues and suggest remediation steps.
6. **User Interface**: Build a simple yet effective user interface using Flask, allowing users to initiate audits, view results, and manage their audit settings.
7. **Scheduling and Alerts**: Implement scheduling capabilities so that audits can be run at regular intervals. Additionally, set up alert mechanisms to notify users via email or SMS about critical issues discovered during audits.
8. **Security Compliance Checklists**: Integrate compliance checklists based on industry standards like GDPR, HIPAA, etc., into the audit process.
9. **Documentation and Support**: Provide comprehensive documentation detailing how to use 'AgentGuard', including setup instructions, usage examples, and troubleshooting tips.
By following these steps, you'll create a robust and user-friendly security auditing tool that leverages the powerful capabilities of 'agent-audit-kit' to enhance the security posture of AI agent pipelines.