AI Analysis
Final verdict: SUSPICIOUS
The package has a moderate risk score due to its anonymous maintainer and low activity, which raise concerns about its legitimacy. However, there are no concrete indications of malicious activities.
- Anonymous maintainer
- Low activity level
- Potential legitimate network interactions
Per-check LLM notes
- Network: The observed network calls could be legitimate if the package is designed to interact with external services, but further investigation into the URLs and data being sent/received is necessary.
- Shell: No shell execution patterns were detected.
- Obfuscation: No obfuscation patterns detected, indicating low risk of malicious obfuscation.
- Credentials: No credential harvesting patterns detected, indicating low risk of malicious credential theft.
- Metadata: The package shows some red flags such as an anonymous maintainer and low activity, but no clear evidence of typosquatting or other malicious intent.
Heuristic Checks
Outbound Network Calls
score 7.5
Found 5 network call pattern(s)
ncode("utf-8") req = urllib.request.Request( url, data=data, headers={"C) try: with urllib.request.urlopen(req, timeout=5) as resp: body = json.loang.""" try: req = urllib.request.Request(f"{base_url}/", method="GET") with urllib.re", method="GET") with urllib.request.urlopen(req, timeout=3) as resp: data = json.loaimport httpx r = httpx.get(f"http://localhost:{port}/", timeout=3) if r.status_
Code Obfuscation
No obfuscation patterns detected
Shell / Subprocess Execution
No shell execution patterns detected
Credential Harvesting
No credential harvesting patterns detected
Typosquatting
No typosquatting candidates detected
Registered Email Domain
Email domain looks legitimate: gmail.com
Suspicious Page Links
All external links appear legitimate
Git Repository History
score 2.5
Git history flags: Repository has zero stars and zero forks
Maintainer History
score 4.0
2 maintainer concern(s) found
Author name is missing or very short
Author "" appears to have only 1 package on PyPI (new or inactive account)
Known CVE Vulnerabilities
No known vulnerabilities found in OSV database.
AI App Starter Prompt
Use this prompt to build a project with agent-gov-saas
Create a mini-application named 'CostGuard' that leverages the 'agent-gov-saas' package to manage AI development costs across multiple projects and teams. This application should allow users to set up cost governance policies, monitor budgets, track costs per tool, and manage multi-tenant workspaces. Here’s a detailed plan for building this application:
1. **Setup**: Begin by installing the 'agent-gov-saas' package and setting up your environment.
2. **User Authentication**: Implement a simple user authentication system to differentiate between different users and teams.
3. **Workspace Management**: Allow users to create, delete, and manage their workspaces. Each workspace should be associated with specific cost governance policies.
4. **Policy Engine**: Enable users to define cost governance policies for their workspaces. These policies could include maximum spend limits, alert thresholds, and acceptable usage patterns.
5. **Budget Enforcement**: Integrate the budget enforcement feature from 'agent-gov-saas' to ensure that spending does not exceed predefined limits. Users should receive notifications when they approach their budget threshold.
6. **Cost Tracking**: Implement functionality to track costs associated with each tool used within the workspaces. Provide users with detailed reports on their spending.
7. **Multi-Tenant Support**: Ensure that the application supports multi-tenancy, allowing different teams to operate independently while still being governed under the same overarching policies.
8. **Dashboard**: Develop a user-friendly dashboard where users can view their current spending status, alerts, and historical data.
9. **API Integration**: Optionally, expose an API that allows other applications to integrate with 'CostGuard', enabling seamless cost management across various tools and services.
10. **Testing & Documentation**: Thoroughly test the application to ensure all features work as expected. Create comprehensive documentation to guide users through setup, configuration, and usage of the application.