agentguard-tech

v0.11.1 suspicious
7.0
High Risk

AgentGuard — runtime governance for production AI agents. APRA CPS 230, EU AI Act and ISO 42001 evidence built-in. Native OpenClaw, LangChain, CrewAI, OpenAI Assistants, AutoGen, and MCP integrations.

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package shows significant credential risk and network communication, raising concerns about data exfiltration and unauthorized access. Its incomplete metadata further adds to the uncertainty.

  • High credential risk
  • Potential data exfiltration via network calls
  • Incomplete metadata

Per-check LLM notes

  • Network: The observed network calls suggest the package may be communicating with external services, which could indicate legitimate functionality but also potential for data exfiltration or command and control activities.
  • Shell: No shell execution patterns were detected, indicating low risk of direct system command injection from this package.
  • Obfuscation: No signs of obfuscation techniques were detected.
  • Credentials: There is a high risk associated with patterns that suggest the harvesting or manipulation of system files like '/etc/passwd', which typically contain user information.
  • Metadata: The package has red flags including a missing repository and author details, indicating potential unreliability.

🔬 Heuristic Checks

Outbound Network Calls score 9.0

Found 6 network call pattern(s)

  • /mcp/intercept" req = urllib.request.Request( url, data=payload,
  • try: with urllib.request.urlopen(req, timeout=self._config.timeout_sec) as resp:
  • claw/intercept" req = urllib.request.Request( url, data=payload,
  • try: with urllib.request.urlopen(req, timeout=self._timeout_sec) as resp:
  • Uses unittest.mock to patch urllib.request.urlopen — no real network calls or openclaw package required
  • ttest.TestCase): @patch("urllib.request.urlopen") def test_allow_decision(self, mock_urlopen):

Two of the six matches come from the test that patches urllib.request.urlopen with unittest.mock; the other four build a urllib.request.Request to the configured /mcp/intercept and /claw/intercept URLs and open it with a configured timeout.

Code Obfuscation

No obfuscation patterns detected

Shell / Subprocess Execution

No shell execution patterns detected

Credential Harvesting score 10.0

Found 6 credential access pattern(s)

  • arguments={"path": "/etc/passwd", "content": "..."}, action_mapping={"write
  • result = guarded_read(path="/etc/passwd") """ return self.guard_tool(func, name=too
  • "filesystem_write", {"path": "/etc/passwd"}) if not decision.allowed: raise Permi
  • params={"path": "/etc/passwd", "content": "..."}, ) if not decision.allo
  • eadFile", "params": {"path": "/etc/passwd"}}, {"tool": "sendEmail", "params": {"to": "user@ex
  • result = delete_file("/etc/passwd") self.assertIsNone(result) def test_blocked_w

All six matches use '/etc/passwd' as the example path in docstrings, examples and tests of a guard decision (e.g. "if not decision.allowed: raise Permi..." and "test_blocked_w..."); none of the matched snippets reads or writes the file itself, the heuristic matches the path string.

Typosquatting

No typosquatting candidates detected

Registered Email Domain

Email domain looks legitimate: agentguard.tech

Suspicious Page Links

All external links appear legitimate

Git Repository History score 3.0

Repository not found (deleted or private)

Maintainer History score 4.0

2 maintainer concern(s) found

  • Author name is missing or very short
  • Author "" appears to have only 1 package on PyPI (new or inactive account)

Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with agentguard-tech

Develop a mini-application called 'AI Safety Monitor' that leverages the 'agentguard-tech' package to ensure compliance and safety of AI agents in real-time. This application will serve as a runtime governance tool for developers working with various AI frameworks such as OpenClaw, LangChain, CrewAI, OpenAI Assistants, AutoGen, and MCP. The goal is to create a user-friendly dashboard where users can monitor and manage their AI agents' behavior based on regulatory standards like APRA CPS 230, EU AI Act, and ISO 42001.

### Features:
- **Agent Monitoring:** Real-time monitoring of AI agents to ensure they adhere to specified guidelines and regulations.
- **Compliance Alerts:** Notification system that alerts users if any AI agent violates the set compliance rules.
- **Regulatory Compliance Dashboard:** A visual interface displaying the current status of each AI agent’s compliance with relevant standards.
- **Customizable Policies:** Users can define their own policies based on specific regulatory requirements or internal guidelines.
- **Integration with Popular AI Frameworks:** Seamless integration with OpenClaw, LangChain, CrewAI, OpenAI Assistants, AutoGen, and MCP.
- **Evidence Collection:** Automated collection and storage of evidence for audits and reviews.

### Steps to Build the Application:
1. **Setup Environment:** Install necessary packages including 'agentguard-tech', Flask for the web framework, and other dependencies required for visualization and data handling.
2. **Define Compliance Rules:** Use 'agentguard-tech' to define the compliance rules based on the mentioned regulatory standards.
3. **Integrate with AI Agents:** Implement the integration logic using 'agentguard-tech' to monitor AI agents running on different platforms.
4. **Build the Dashboard:** Create a simple yet effective dashboard using HTML/CSS/JavaScript (or any frontend framework like React/Vue) to visualize the status of each AI agent.
5. **Implement Alert System:** Develop an alert mechanism that sends notifications when any AI agent breaches the defined compliance rules.
6. **Test the Application:** Conduct thorough testing to ensure all components work as expected and that the application meets the outlined objectives.
7. **Deploy the Application:** Deploy the application on a server or cloud platform, making it accessible to users who need to monitor their AI agents.

### Utilizing 'agentguard-tech':
- Use 'agentguard-tech' to enforce runtime governance policies on AI agents.
- Leverage its built-in compliance checks and evidence collection mechanisms to ensure adherence to regulatory standards.
- Integrate with popular AI frameworks through 'agentguard-tech' native support.
- Customize policies according to user needs and integrate them into the application's workflow.