agent-policy-gateway

v0.1.0 | Verdict: suspicious | Risk score 6.0 (Medium Risk)

Policy enforcement and taint tracking for AI agent tool calls.

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package shows signs of potentially malicious behavior because of its obfuscated code and its suspicious file-handling practices. However, the absence of network calls and the limited metadata risk keep it from being classified definitively as malicious.

  • High obfuscation risk
  • Suspicious credential risk

Per-check LLM notes
  • Network: No network calls were detected; this is normal and not indicative of any risk.
  • Shell: The use of subprocess.run indicates that the package may execute shell commands. This could be legitimate for building and checking packages, but it warrants further investigation to ensure there is no unintended behavior.
  • Obfuscation: The code snippet appears to be an obfuscated import check, which could be used to evade simple static analysis tools, indicating potential malicious intent.
  • Credentials: Reading from sensitive system files such as /etc/passwd without a clear purpose suggests unauthorized access attempts, likely for credential harvesting.
  • Metadata: The package appears to be newly created, with limited activity and no associated GitHub repository; this raises some suspicion but is not definitive evidence of malice.

🔬 Heuristic Checks

Outbound Network Calls

No suspicious network call patterns found

Code Obfuscation (score 2.0)

Found 1 obfuscation pattern(s)

  • tr) -> bool: try: __import__(name) except ImportError: return False return Tru

Shell / Subprocess Execution (score 8.0)

Found 4 shell execution pattern(s)

  • (out_dir), ] result = subprocess.run(cmd, capture_output=True, text=True, check=False) assert
  • _and_exits_zero(): proc = subprocess.run( [sys.executable, "-m", "examples.indirect_injection
  • h / "dist" build_result = subprocess.run( [sys.executable, "-m", "build", "--outdir", str(out
  • ifacts]}" twine_result = subprocess.run( [sys.executable, "-m", "twine", "check", "--strict"

Credential Harvesting (score 7.5)

Found 3 credential access pattern(s)

  • ools["filesystem.read"](path="/etc/passwd") # The MCP server still receives the *advertised*
  • .calls == [("read", {"path": "/etc/passwd"})] # ---------------------------------------------------
  • ools["filesystem.read"](path="/etc/passwd")) # The MCP server still receives the *advertised*

Typosquatting

No typosquatting candidates detected

Registered Email Domain

No author email provided

Suspicious Page Links

All external links appear legitimate

Git Repository History

No GitHub repository linked

  • No GitHub repository link found

Maintainer History (score 4.0)

2 maintainer concern(s) found

  • Only one version has ever been released — brand new package
  • Author "Hung Mo Howard Hsieh" appears to have only 1 package on PyPI (new or inactive account)

Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with agent-policy-gateway:

Create a mini-application called 'AI Safety Guardian' which utilizes the 'agent-policy-gateway' Python package to enforce policies and track taints on data processed by AI agents. This application will serve as a sandbox environment where users can upload various types of data (text, images, etc.) and define their own policies for how these data should be handled by different AI agents. For instance, users might want to ensure that no personal information is leaked, or that certain types of content are not processed by specific agents.

The application should include the following core functionalities:
1. User Interface: A simple web-based UI where users can upload data and specify policies.
2. Data Processing: Once uploaded, the data should be processed by one or more AI agents according to the specified policies.
3. Policy Enforcement: Use the 'agent-policy-gateway' package to enforce user-defined policies during the processing phase.
4. Taint Tracking: Track any potential taints that could occur during data processing and alert users if a policy is violated.
5. Reporting: Provide a report after processing that details any violations of policy and suggests actions to mitigate risks.

To utilize the 'agent-policy-gateway' package, integrate its policy enforcement mechanisms into the data processing workflow. Specifically, before any data is passed to an AI agent, use 'agent-policy-gateway' to check against the defined policies. If the data passes the checks, allow it to proceed; otherwise, halt the process and notify the user of the violation. Additionally, implement taint tracking to monitor data integrity throughout the processing stages and ensure that sensitive information is not inadvertently exposed.