agent-lab-sdk

v0.1.59 suspicious
6.0
Medium Risk

SDK for working with Agent Lab

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package exhibits several concerning signs such as high credential risk due to potential misuse of environment variables, and moderate obfuscation and metadata risks. While it does not appear to execute shell commands or exhibit overtly malicious behavior, the combination of these factors raises suspicion.

  • High credential risk from environment variable usage
  • Moderate obfuscation risk due to base64 decoding
  • Missing author information and no associated GitHub repository

Per-check LLM notes
  • Network: The observed network calls suggest the package may communicate with external servers, which could be normal for SDKs but should be verified for legitimacy.
  • Shell: No shell execution patterns were detected.
  • Obfuscation: Base64 decoding is commonly used for data encoding and not necessarily indicative of malicious activity.
  • Credentials: Environment variables are being used to store URLs and configuration settings which could include sensitive information if not properly secured.
  • Metadata: The package has some red flags including missing author information and no associated GitHub repository, but there's no clear evidence of typosquatting or other malicious intent.

🔬 Heuristic Checks

Outbound Network Calls score 9.0

Found 6 network call pattern(s)

  • )...") resp = requests.post(req_url, params=params, data={}, verify=False, headers=heade
  • )...") resp = requests.post(url, headers=headers, data=data, verify=False)
  • OST-запрос response = requests.post(url, headers=headers, data=data, files=files) respon
  • try: response = requests.post( url, headers=headers, p
  • x.AsyncClient: return httpx.AsyncClient( base_url=self.base_url, headers=sel
  • s) self._client = httpx.Client( timeout=httpx.Timeout(self.timeout),

Code Obfuscation score 6.0

Found 3 obfuscation pattern(s)

  • None: try: return base64.b64decode(value, validate=True) except Exception: return N
  • )) try: decoded = base64.b64decode(padded, validate=True).decode("utf-8") except (ValueErro
  • try: file_data = base64.b64decode(file_base64.split(",")[-1]) except Exception as e:

Shell / Subprocess Execution

No shell execution patterns detected

Credential Harvesting score 7.5

Found 3 credential access pattern(s)

  • ENV) TOKEN_PROVIDER_AGW_URL = os.environ.get("TOKEN_PROVIDER_AGW_URL", "https://agent-gateway.apps.advosd.sberd
  • AGW_DEFAULT_MAX_RETRIES = int(os.environ.get("TOKEN_PROVIDER_AGW_DEFAULT_MAX_RETRIES", 3)) # Таймаут ожидания о
  • ROVIDER_AGW_TIMEOUT_SEC = int(os.environ.get("TOKEN_PROVIDER_AGW_TIMEOUT_SEC", 5)) # Случайная задержка между п

Typosquatting

No typosquatting candidates detected

Registered Email Domain

Email domain looks legitimate: yandex.com

Suspicious Page Links

All external links appear legitimate

Git Repository History

No GitHub repository linked

  • No GitHub repository link found

Maintainer History score 4.0

2 maintainer concern(s) found

  • Author name is missing or very short
  • Author "" appears to have only 1 package on PyPI (new or inactive account)

Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with agent-lab-sdk
Create a mini-application called 'AgentLabDashboard' using Python and the 'agent-lab-sdk' package. This application will serve as a user-friendly interface to manage and monitor various agents running on the Agent Lab platform. Your task is to design and implement the following core functionalities:

1. **User Authentication**: Implement a secure login system where users can authenticate themselves before accessing any features of the dashboard. Utilize the 'agent-lab-sdk' package to validate credentials against the Agent Lab API.

2. **Agent Management**: Allow users to create, delete, and update agents. Each agent should have unique attributes such as name, type, and status. Use the 'agent-lab-sdk' package to communicate with the Agent Lab API to perform these actions.

3. **Monitoring Interface**: Develop a real-time monitoring section that displays key metrics and statuses of all active agents. This could include CPU usage, memory consumption, and network activity. Integrate the 'agent-lab-sdk' to fetch and display live data from the agents.

4. **Notifications System**: Implement a feature that sends notifications to users about critical events or updates related to their agents. For example, if an agent crashes or reaches a certain threshold in resource usage. Leverage the 'agent-lab-sdk' to handle event subscriptions and notifications.

5. **Customization Options**: Provide users with the ability to customize their dashboard layout and theme according to their preferences. While this functionality doesn't directly use the 'agent-lab-sdk', it enhances the overall user experience.

6. **Documentation & Deployment**: Ensure your application is well-documented, explaining how each part of the code works and interacts with the 'agent-lab-sdk'. Additionally, provide instructions for deploying the application in a production environment.

To achieve these objectives, you'll need to dive deep into the 'agent-lab-sdk' documentation to understand its capabilities and limitations. Focus on building a robust, scalable, and secure application that showcases the power of the SDK while providing value to end-users.