agent-identity-protocol

v0.3.0 suspicious
5.0
Medium Risk

Verifiable cryptographic identity and delegation for AI agents across MCP and A2A

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package exhibits moderate risks due to subprocess execution and incomplete maintainer metadata, suggesting potential vulnerabilities or lack of oversight.

  • High shell risk due to subprocess execution
  • Incomplete maintainer metadata

Per-check LLM notes
  • Network: The network calls appear to be related to search functionality and token validation, which could be legitimate depending on the package's purpose.
  • Shell: Subprocess execution might be used for building scripts or generating files, but it poses a higher risk due to potential command injection or unintended script execution.
  • Obfuscation: Base64 decoding is commonly used for data serialization and not necessarily indicative of malicious activity.
  • Credentials: No patterns indicative of credential harvesting were detected.
  • Metadata: The maintainer has an incomplete profile and may be new or inactive, raising some suspicion but not conclusive evidence of malice.

🔬 Heuristic Checks

Outbound Network Calls score 4.5

Found 3 network call pattern(s)

  • /tools/search" resp = httpx.post(url, headers={"X-AIP-Token": token}, json={"q": "test"})
  • /tools/search" resp = httpx.post(url, json={"q": "test"}) assert resp.status_code ==
  • /tools/search" resp = httpx.post(url, headers={"X-AIP-Token": "garbage"}, json={"q": "test"})

Code Obfuscation score 2.0

Found 1 obfuscation pattern(s)

  • try: sig_bytes = base64.b64decode(self.document_signature) except Exception as exc:

Shell / Subprocess Execution score 8.0

Found 4 shell execution pattern(s)

  • = tmp_path / "index.html" subprocess.run( [sys.executable, str(BUILD_SCRIPT), "--out", str(ou
  • ut2 = tmp_path / "b.html" subprocess.run([sys.executable, str(BUILD_SCRIPT), "--out", str(out1)], che
  • , str(out1)], check=True) subprocess.run([sys.executable, str(BUILD_SCRIPT), "--out", str(out2)], che
  • = tmp_path / "index.html" subprocess.run([sys.executable, str(BUILD_SCRIPT), "--out", str(out)], chec

Credential Harvesting

No credential harvesting patterns detected

Typosquatting

No typosquatting candidates detected

Registered Email Domain

Email domain looks legitimate: sunilprakash.com

Suspicious Page Links

All external links appear legitimate

Git Repository History

Repository sunilp/aip appears legitimate

Maintainer History score 4.0

2 maintainer concern(s) found

  • Author name is missing or very short
  • Author "" appears to have only 1 package on PyPI (new or inactive account)

Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with agent-identity-protocol
Create a mini-application called 'AI Agent Passport' that leverages the 'agent-identity-protocol' package to manage verifiable identities for AI agents. This application will allow users to create, verify, and manage cryptographic identities for their AI agents, ensuring secure and verifiable interactions within a multi-agent system environment.

The application should include the following core functionalities:
1. **Identity Creation**: Users can generate unique cryptographic identities for their AI agents using the 'agent-identity-protocol'. Each identity should be verifiable and contain essential information such as the agent's name, description, and public key.
2. **Identity Verification**: Implement a feature where users can submit another agent's identity for verification. The application should use the 'agent-identity-protocol' to validate the authenticity of the submitted identity against known trusted sources or authorities.
3. **Delegation Management**: Enable users to delegate certain permissions or roles to other agents through verifiable credentials. For example, an agent might need access to specific data or services, which can be granted via a credential issued by the owner of the resource.
4. **Interaction Logs**: Maintain a log of all verified interactions between different agents. This includes details like when two agents exchanged information, who initiated the interaction, and any credentials presented during the exchange.
5. **User Interface**: Develop a simple web-based user interface that allows users to interact with the 'AI Agent Passport' application easily. It should provide clear visual feedback on the status of identity creation, verification, and delegation processes.

To achieve these functionalities, you will need to integrate the 'agent-identity-protocol' package into your application. Specifically, utilize its capabilities for generating and verifying cryptographic identities, managing delegations through verifiable credentials, and securely handling interactions between agents. Your implementation should demonstrate best practices in security and privacy while providing a seamless experience for end-users.