agentmesh_discovery

v4.0.0 suspicious
6.0
Medium Risk

Shadow AI agent discovery and inventory for the Agent Governance Toolkit

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package exhibits a moderate level of risk due to its execution of shell commands and incomplete maintainer metadata, which could indicate potential misuse or unauthorized access.

  • High shell risk from executing potentially dangerous commands.
  • Incomplete maintainer metadata raises concerns about package origin and intent.

Per-check LLM notes

  • Network: Making network calls to the GitHub API is common and usually benign, but the context of use should be verified.
  • Shell: Executing shell commands like 'wmic' and 'ps aux' can be used for legitimate purposes such as process monitoring, but can also indicate a potential risk of unauthorized access or system manipulation.
  • Obfuscation: Base64 decoding is commonly used for data serialization and not necessarily indicative of malicious activity.
  • Credentials: Direct access to environment variables for tokens can pose risks if not handled securely; this may indicate a need for better credential management practices.
  • Metadata: The maintainer has an incomplete profile and seems to be new or inactive, raising some suspicion.

📦 Package Quality Overall: Medium (6.6/10)

✦ High Test Suite 9.0

Test suite present — 6 test file(s) found

  • Test runner config found: pyproject.toml
  • 6 test file(s) detected (e.g. test_cli.py)

◈ Medium Documentation 7.0

Some documentation present

  • Documentation URL: "Documentation" -> https://github.com/microsoft/agent-governance-toolkit/tree/m
  • Detailed PyPI description (10134 chars)

○ Low Contributing Guide 2.0

No contributing guide or governance files found

  • No CONTRIBUTING, CODE_OF_CONDUCT, or governance files found

◈ Medium Type Annotations 5.0

Partial type annotation coverage

  • 35 type-annotated function signatures detected in source

✦ High Multiple Contributors 10.0

Active multi-contributor project

  • 14 unique contributor(s) across 100 commits in microsoft/agent-governance-toolkit
  • Active community — 5 or more distinct contributors

🔬 Heuristic Checks

Outbound Network Calls score 1.5

Found 1 network call pattern(s)

  • {token}" async with httpx.AsyncClient( base_url="https://api.github.com",

Code Obfuscation score 2.0

Found 1 obfuscation pattern(s)

  • ue content = base64.b64decode(resp.json().get("content", "")).decode(

Shell / Subprocess Execution score 4.0

Found 2 shell execution pattern(s)

  • """ try: result = subprocess.run( ["wmic", "process", "get", "ProcessId,CommandLi
  • """ try: result = subprocess.run( ["ps", "aux"], # noqa: S607 — known CLI tool p

Credential Harvesting score 2.5

Found 1 credential access pattern(s)

  • oken = kwargs.get("token") or os.environ.get("GITHUB_TOKEN", "") repos: list[str] = kwargs.get("repos", [])

Typosquatting

No typosquatting candidates detected

Registered Email Domain

Email domain looks legitimate: microsoft.com

Suspicious Page Links

All external links appear legitimate

Git Repository History

Repository microsoft/agent-governance-toolkit appears legitimate

Maintainer History score 4.0

2 maintainer concern(s) found

  • Author name is missing or very short
  • Author "" appears to have only 1 package on PyPI (new or inactive account)

Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with agentmesh_discovery

Create a Shadow AI Agent Inventory Manager using the 'agentmesh_discovery' Python package. This tool will serve as a central hub for managing and monitoring Shadow AI agents within an organization. Your task is to design and implement a command-line interface (CLI) application that leverages the capabilities of 'agentmesh_discovery' to discover, manage, and report on Shadow AI agents.

Step 1: Setup your development environment by installing the necessary packages including 'agentmesh_discovery'. Ensure you have Python installed and set up a virtual environment for this project.

Step 2: Define the core functionalities of your application:
- Discover Shadow AI agents across different networks.
- Retrieve detailed information about each discovered agent, such as its status, location, and capabilities.
- Allow users to filter and search through the inventory based on specific criteria like agent type, network location, etc.
- Provide options to mark agents as active/inactive or update their metadata.

Step 3: Utilize 'agentmesh_discovery' to integrate these functionalities into your application. Use its API to query and interact with Shadow AI agents.

Step 4: Implement a user-friendly CLI that guides users through the process of discovering, managing, and reporting on Shadow AI agents. Include clear commands and help messages.

Step 5: Enhance the application by adding additional features such as:
- Automated health checks for agents.
- Notifications for critical events related to agents (e.g., failure to connect).
- Integration with external tools or platforms for extended functionality.

Your final product should demonstrate proficiency in using 'agentmesh_discovery' and provide a robust solution for managing Shadow AI agents.