AI Analysis
Final verdict: SAFE
The package is considered safe based on low network and shell risks, and no indications of malicious activity.
- Low network and shell execution risks
- No signs of supply-chain attack
Per-check LLM notes
- Network: Network calls are typical for packages that interact with external services or APIs.
- Shell: No shell execution patterns detected, indicating no immediate risk from command execution.
- Metadata: The author has only one package, which may indicate a new or less active account, but there are no other red flags.
Package Quality Overall: Medium (6.8/10)
◈ Medium
Test Suite
6.0
Partial test coverage signals detected
Test runner config found: pyproject.toml
◈ Medium
Documentation
7.0
Some documentation present
Documentation URL: "Documentation" -> https://github.com/microsoft/agent-governance-toolkit#readmeDetailed PyPI description (6188 chars)
○ Low
Contributing Guide
4.0
No contributing guide or governance files found
Development Status classifier >= Beta
◈ Medium
Type Annotations
7.0
Partial type annotation coverage
Classifier: Typing :: Typed211 type-annotated function signatures detected in source
✦ High
Multiple Contributors
10.0
Active multi-contributor project
14 unique contributor(s) across 100 commits in microsoft/agent-governance-toolkitActive community — 5 or more distinct contributors
Heuristic Checks
Outbound Network Calls
score 6.0
Found 4 network call pattern(s)
try: request = urllib.request.Request(self.url, method=self.method, headers=self.headers)lf.headers) with urllib.request.urlopen(request, timeout=self.timeout) as response:RL.''' return requests.get(url, timeout=timeout).text Advanced usage with vers) async with aiohttp.ClientSession(timeout=timeout) as session: async with session.
Code Obfuscation
score 8.0
Found 4 obfuscation pattern(s)
matical operations with: - No eval() or exec() usage - Expression parsing with allowed operatio. Features: - No eval()/exec() - uses safe expression parser - Whitelisted opeerations. No eval()/compile() — walks the AST tree and computes results- Date arithmetic - No eval() or exec() Example: ```python dt =
Shell / Subprocess Execution
No shell execution patterns detected
Credential Harvesting
No credential harvesting patterns detected
Typosquatting
No typosquatting candidates detected
Registered Email Domain
Email domain looks legitimate: microsoft.com>
Suspicious Page Links
All external links appear legitimate
Git Repository History
Repository microsoft/agent-governance-toolkit appears legitimate
Maintainer History
score 2.0
1 maintainer concern(s) found
Author "Agent Tool Registry Contributors" appears to have only 1 package on PyPI (new or inactive account)
Known CVE Vulnerabilities
No known vulnerabilities found in OSV database.
AI App Starter Prompt
Use this prompt to build a project with agentmesh-tool-registry
Create a decentralized tool marketplace app using the 'agentmesh-tool-registry' Python package. This app will serve as a platform where users can discover, share, and utilize various AI agent capabilities across different domains such as finance, healthcare, education, etc. The app should allow users to: 1. Register new tools or capabilities that their agents possess. 2. Browse and search through existing tools registered by other users. 3. Rate and review tools based on their experience. 4. Subscribe to updates from specific tools or categories of tools. 5. Integrate tools into their own projects or workflows seamlessly. To achieve these functionalities, you'll need to leverage the 'agentmesh-tool-registry' package which provides the underlying infrastructure for registering, discovering, and managing these capabilities in a decentralized manner. Utilize its APIs to handle registration, querying, and interaction with the tool registry. Ensure your app has a user-friendly interface and robust backend support to make the process of sharing and utilizing AI agent capabilities as smooth and accessible as possible.