Package Metadata

Author: agent-sudo contributors
Email: —
PyPI: agent-sudo-mcp
Python: >=3.10
Versions: 9 releases
First release: 30 May 2026, 12:13 UTC
Analysed: 06 Jun 2026, 07:38 UTC
Source files: 62 .py files scanned

Project Links

Bug Tracker Documentation Homepage Repository

Classifiers

Development Status :: 4 - BetaIntended Audience :: DevelopersLicense :: OSI Approved :: Apache Software LicenseProgramming Language :: Python :: 3Programming Language :: Python :: 3.10Programming Language :: Python :: 3.11Programming Language :: Python :: 3.12Topic :: SecurityTopic :: Software Development :: Libraries :: Python Modules

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package shows significant credential risk and some shell risk, indicating potential misuse or malicious intent. However, there's no clear evidence of immediate harm, leading to a cautious 'suspicious' classification.

High credential risk
Potential shell activity for non-standard purposes

Per-check LLM notes

Network: No network calls detected, which is typical for benign packages.
Shell: Git commands suggest the package may be querying version control information, possibly for logging or development purposes, rather than malicious activity.
Obfuscation: No signs of obfuscation patterns detected.
Credentials: Detected patterns suggest potential credential harvesting activities.
Metadata: The author has only one package on PyPI, which might indicate a new or less active account, raising some suspicion but not conclusive evidence of malice.

🔬 Heuristic Checks

✓ Outbound Network Calls

No suspicious network call patterns found

✓ Code Obfuscation

No obfuscation patterns detected

⚠ Shell / Subprocess Execution score 10.0

Found 6 shell execution pattern(s)

try: completed = subprocess.run( ["git", "rev-parse", "--show-toplevel"],
branch_completed = subprocess.run( ["git", "rev-parse", "--abbrev-ref", "H
sha_completed = subprocess.run( ["git", "rev-parse", "--short",
) completed = subprocess.run( argv, cwd=self.cwd, cap
) completed = subprocess.run(argv, capture_output=True, text=True, check=False) r
f hermes: completed = subprocess.run( [hermes, "mcp", "list"], capture_output=True, t

⚠ Credential Harvesting score 5.0

Found 2 credential access pattern(s)

and", target="cat /etc/passwd /secret/token.json --pass=123", payload_summary
) self.assertNotIn("/etc/passwd", args1[0][2]) self.assertNotIn("123", args1[0][2])

✓ Typosquatting

No typosquatting candidates detected

✓ Registered Email Domain

No author email provided

✓ Suspicious Page Links

All external links appear legitimate

✓ Git Repository History

Repository Kisyntra/Agent_Sudo appears legitimate

⚠ Maintainer History score 2.0

1 maintainer concern(s) found

Author "agent-sudo contributors" appears to have only 1 package on PyPI (new or inactive account)

✓ Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with agent-sudo-mcp

Build a simple Python application using the agent-sudo-mcp package to demonstrate its core features.