agent-foundry-local

v0.1.10 suspicious
6.0
Medium Risk

Local-first AI agent platform with formal handoff protocol for regulated industries

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package exhibits several concerning behaviors, including significant shell-execution risk and some code obfuscation, which may indicate hidden functionality. It also lacks robust maintainer information and shows signs of incomplete development.

  • High shell risk
  • Code obfuscation
  • Incomplete maintainer information
Per-check LLM notes
  • Network: The network calls appear to be part of the package's functionality, possibly for communication with external services or peers.
  • Shell: The execution of shell commands suggests potential risks, especially if the commands are not properly sanitized or controlled, which could lead to unintended actions on the system.
  • Obfuscation: The code shows signs of obfuscation through the use of dynamic imports and string formatting which could be used to hide logic or delay detection, but does not necessarily indicate malicious intent.
  • Credentials: No direct credential harvesting patterns were detected, but there is potential for misuse due to the retrieval of the OPENAI_API_KEY from environment variables without additional checks.
  • Metadata: The package shows low activity and incomplete maintainer information, raising suspicion.

🔬 Heuristic Checks

Outbound Network Calls score 9.0

Found 6 network call pattern(s)

  • = None self._client = httpx.Client(timeout=30.0) @property def _token(self) -> str:
  • try: resp = httpx.post( trigger_url, params=params,
  • self._http_client = httpx.AsyncClient(timeout=5.0) for peer_url in self.config.static_pee
  • et self._client = httpx.AsyncClient( timeout=httpx.Timeout(self.timeout),
  • e: self._client = httpx.AsyncClient( base_url=self.base_url, tim
  • ) self._client = httpx.AsyncClient( base_url=self.base_url, hea
Code Obfuscation score 4.0

Found 2 obfuscation pattern(s)

  • xpires in {creds.expires_at - __import__('time').time():.0f}s") else: click.echo("✗ Authenticati
  • api_key = self.api_key or __import__("os").environ.get("OPENAI_API_KEY", "") if not api_ke
Shell / Subprocess Execution score 10.0

Found 6 shell execution pattern(s)

  • nic() try: proc = subprocess.run( ["bash", "-n"], input=code,
  • try: proc = subprocess.run( cmd, shell=True,
  • sh proc = subprocess.run( ["git", "rev-parse", "HEAD"],
  • es proc = subprocess.run( ["git", "diff", "--name-only"],
  • ] proc2 = subprocess.run( ["git", "diff", "--cached", "--name
  • try: proc = subprocess.run( [*self.mcp_server_command.split(), "tool",
Credential Harvesting

No credential harvesting patterns detected

Typosquatting

No typosquatting candidates detected

Registered Email Domain

Email domain looks legitimate: workswithagents.com

Suspicious Page Links

All external links appear legitimate

Git Repository History score 2.5

Git history flags: Repository has zero stars and zero forks

  • Repository has zero stars and zero forks
Maintainer History score 4.0

2 maintainer concern(s) found

  • Author name is missing or very short
  • Author "" appears to have only 1 package on PyPI (new or inactive account)
Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with agent-foundry-local

Create a mini-application that facilitates secure and compliant handoffs between AI agents within a regulated industry environment. Utilize the 'agent-foundry-local' package to implement the following functionalities:

1. **Agent Registration**: Allow users to register new AI agents within the system. Each agent should have unique credentials for identification.
2. **Formal Handoff Protocol**: Implement a mechanism where one agent can formally hand off tasks or responsibilities to another agent using a standardized protocol. Ensure that this process includes verification steps to maintain compliance.
3. **Audit Trail**: Maintain a comprehensive audit trail of all handoff activities. This should include timestamps, identities involved, and a brief description of the task being handed over.
4. **Secure Communication**: Use 'agent-foundry-local' to ensure all communications between agents during handoffs are encrypted and secure.
5. **User Interface**: Develop a simple web interface where users can view registered agents, initiate handoffs, and review the audit logs.
6. **Error Handling and Notifications**: Implement robust error handling and notification systems to alert users about any issues during handoff processes.

This project aims to demonstrate the practical application of 'agent-foundry-local' in creating a reliable and secure handoff system for AI agents in industries such as finance or healthcare.