AI Analysis
Final verdict: SUSPICIOUS
The package exhibits significant metadata risk due to its newly created repository, lack of activity, and anonymous author, suggesting potential suspicious behavior.
- Recently created repository with no activity
- Single version release
- Anonymous author
Per-check LLM notes
- Network: The use of network calls is common in many packages for fetching updates, communicating with servers, or other legitimate purposes.
- Shell: No shell execution patterns were detected.
- Obfuscation: No obfuscation patterns detected, indicating low risk of malicious obfuscation.
- Credentials: No credential harvesting patterns detected, indicating low risk of malicious credential theft.
- Metadata: The package shows several red flags including a recently created repository with no activity, a single version release, an author with no name, and a new or inactive account.
Heuristic Checks
Outbound Network Calls
score 3.0
Found 2 network call pattern(s)
try: async with httpx.AsyncClient(timeout=TIMEOUT) as client: res = await client.g" try: async with httpx.AsyncClient(timeout=TIMEOUT) as client: res = await client.g
Code Obfuscation
No obfuscation patterns detected
Shell / Subprocess Execution
No shell execution patterns detected
Credential Harvesting
No credential harvesting patterns detected
Typosquatting
No typosquatting candidates detected
Registered Email Domain
Email domain looks legitimate: gmail.com>
Suspicious Page Links
All external links appear legitimate
Git Repository History
score 5.0
Git history flags: Repository created very recently: 4 day(s) ago (2026-06-02T18:10:29Z)
Repository created very recently: 4 day(s) ago (2026-06-02T18:10:29Z)Repository has zero stars and zero forks
Maintainer History
score 8.0
4 maintainer concern(s) found
Only one version has ever been released — brand new packagePackage is very new: uploaded 2 day(s) agoAuthor name is missing or very shortAuthor "" appears to have only 1 package on PyPI (new or inactive account)
Known CVE Vulnerabilities
No known vulnerabilities found in OSV database.
AI App Starter Prompt
Use this prompt to build a project with agentis-mcp
Create a mini-application that acts as a user-friendly interface to manage identities registered in the Agentis agent identity registry through its MCP server. This application will allow users to perform basic CRUD (Create, Read, Update, Delete) operations on identities within the registry. Additionally, it should provide real-time status updates on the health of the MCP server and any ongoing registration processes. Here's a detailed breakdown of the application's features: 1. **User Authentication**: Implement a simple authentication system to ensure only authorized users can access the registry management features. 2. **Identity Management**: - **Create Identity**: Allow users to create new identities with specified details such as name, type, and permissions. - **Read Identity**: Display a list of all identities currently registered in the registry, with options to view detailed information about each identity. - **Update Identity**: Provide functionality to modify existing identities, including changing their details or permissions. - **Delete Identity**: Enable users to remove identities from the registry when they are no longer needed. 3. **Server Health Monitoring**: Integrate real-time monitoring of the MCP server's health and status, displaying alerts if the server encounters issues. 4. **Real-Time Notifications**: Set up notifications for users regarding the success or failure of identity creation, update, or deletion processes. To achieve these functionalities, you will utilize the 'agentis-mcp' Python package to interact with the MCP server. Specifically, you will use its APIs to perform CRUD operations on identities and monitor the server's health. Your task is to design and implement this application using modern web technologies, ensuring it is responsive and user-friendly.