AI Analysis
Final verdict: SUSPICIOUS
The package exhibits moderate risk indicators, primarily due to obfuscation techniques and incomplete metadata. While it does not appear to directly engage in malicious activities, the obscurity and lack of transparency warrant caution.
- High obfuscation risk due to the use of __import__ and placeholder strings.
- Incomplete maintainer information and lack of a repository URL.
Per-check LLM notes
- Network: The network calls suggest normal SDK behavior for communicating with an external service, but further investigation is needed to confirm the legitimacy of the endpoints.
- Shell: No shell execution patterns were detected.
- Obfuscation: The use of __import__ and string formatting with placeholders like 'ps://' and '__import__("datetime")' suggests potential obfuscation to hide the actual source of URLs or timestamps.
- Credentials: No clear signs of direct credential harvesting were found, but there is a low risk due to the presence of placeholder strings that could potentially be used for harmful purposes.
- Metadata: The package has no repository and the maintainer information is incomplete, raising suspicion.
Heuristic Checks
Outbound Network Calls
score 4.5
Found 3 network call pattern(s)
try: async with httpx.AsyncClient(timeout=10.0) as client: resp = await client} async with httpx.AsyncClient() as client: resp = await client.post(turn keys async with httpx.AsyncClient() as client: base = self._provider_urls.get(
Code Obfuscation
score 4.0
Found 2 obfuscation pattern(s)
ps://idp", expires_at=__import__("datetime").datetime.now(), raw_claims={}, ) assert age_DOMAIN}", expires_at=__import__("datetime").datetime.now(), raw_claims={"sub": "agentid:test:a"
Shell / Subprocess Execution
No shell execution patterns detected
Credential Harvesting
No credential harvesting patterns detected
Typosquatting
No typosquatting candidates detected
Registered Email Domain
Email domain looks legitimate: alibaba-inc.com
Suspicious Page Links
All external links appear legitimate
Git Repository History
score 3.0
Repository not found (deleted or private)
Maintainer History
score 4.0
2 maintainer concern(s) found
Author name is missing or very short
Author "" appears to have only 1 package on PyPI (new or inactive account)
Known CVE Vulnerabilities
No known vulnerabilities found in OSV database.
AI App Starter Prompt
Use this prompt to build a project with agent-id-service-sdk
Create a Flask-based web application that acts as a middleware between various AI services and a central authentication system. This application will use the 'agent-id-service-sdk' package to verify the authenticity of AI agents trying to access protected resources via JSON Web Tokens (JWTs). Additionally, it will log the activities of these agents for auditing purposes.
Step-by-Step Guide:
1. Set up a basic Flask web server.
2. Integrate the 'agent-id-service-sdk' into your Flask application to handle JWT verification requests from AI agents.
3. Implement a route in your Flask app that accepts API calls from AI agents, where each call must include a JWT for authentication.
4. Use the 'agent-id-service-sdk' to validate the JWT and ensure the caller is an authorized AI agent.
5. If the JWT is valid, process the request; otherwise, return an error message.
6. Log all successful and failed attempts by AI agents to access the protected resources using the SDK's logging capabilities.
7. Provide an admin dashboard within the Flask app to view logs and manage agent permissions.
Suggested Features:
- Real-time monitoring of AI agent activities.
- Detailed logs with timestamps and actions performed by each agent.
- Admin interface for managing agent permissions and reviewing logs.
- Integration with external databases for persistent storage of logs and permissions.
How 'agent-id-service-sdk' is Utilized:
- For verifying the JWTs sent by AI agents to authenticate themselves before accessing protected resources.
- For logging the activities of these agents for auditing and security purposes.
- For handling any exceptions related to invalid JWTs or unauthorized access attempts.