Package Metadata

Author: —
Email: Microsoft Corporation <[email protected]>
PyPI: agentmesh_marketplace
Python: >=3.9
Versions: 10 releases
First release: 13 Apr 2026, 04:42 UTC
Analysed: 06 Jun 2026, 10:59 UTC
Source files: 36 .py files scanned

Project Links

Classifiers

Development Status :: 4 - BetaIntended Audience :: DevelopersLicense :: OSI Approved :: MIT LicenseProgramming Language :: Python :: 3Programming Language :: Python :: 3.10Programming Language :: Python :: 3.11Programming Language :: Python :: 3.12Programming Language :: Python :: 3.9Topic :: Scientific/Engineering :: Artificial IntelligenceTopic :: Software Development :: Libraries :: Application Frameworks

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package exhibits significant obfuscation techniques, raising concerns about potential malicious intent. However, there is no concrete evidence of harmful activities such as network exploitation or credential theft.

High obfuscation risk
Incomplete author metadata

Per-check LLM notes

Network: The use of urllib to fetch artifacts suggests the package may be downloading external resources which could potentially include updates or additional configurations.
Shell: No shell execution patterns detected.
Obfuscation: The observed obfuscation patterns, including base64 decoding and XOR operations on the signature bytes, suggest an attempt to obscure code behavior, which may indicate malicious intent.
Credentials: No clear patterns of credential harvesting were detected.
Metadata: The author's information is incomplete and they have a single package, which could indicate a new or less active account.

📦 Package Quality Overall: Medium (6.6/10)

✦ High Test Suite 9.0

Test suite present — 18 test file(s) found

18 test file(s) detected (e.g. test_artifact_fetch.py)

◈ Medium Documentation 5.0

Some documentation present

Detailed PyPI description (4000 chars)

○ Low Contributing Guide 4.0

No contributing guide or governance files found

Development Status classifier >= Beta

◈ Medium Type Annotations 5.0

Partial type annotation coverage

168 type-annotated function signatures detected in source

✦ High Multiple Contributors 10.0

Active multi-contributor project

14 unique contributor(s) across 100 commits in microsoft/agent-governance-toolkit
Active community — 5 or more distinct contributors

🔬 Heuristic Checks

⚠ Outbound Network Calls score 1.5

Found 1 network call pattern(s)

s only). with urllib.request.urlopen(artifact_url) as resp: # noqa: S310

⚠ Code Obfuscation score 6.0

Found 3 obfuscation pattern(s)

try: sig_bytes = base64.b64decode(manifest.signature) data = manifest.signable_bytes()
sig_bytes = bytearray(base64.b64decode(data["signature"])) sig_bytes[0] ^= 0x01 dat
ynamic import calls such as ``__import__("subprocess")`` or ``importlib.import_module("os")`` are **no

✓ Shell / Subprocess Execution

No shell execution patterns detected

✓ Credential Harvesting

No credential harvesting patterns detected

✓ Typosquatting

No typosquatting candidates detected

✓ Registered Email Domain

Email domain looks legitimate: microsoft.com>

✓ Suspicious Page Links

All external links appear legitimate

✓ Git Repository History

Repository microsoft/agent-governance-toolkit appears legitimate

⚠ Maintainer History score 4.0

2 maintainer concern(s) found

Author name is missing or very short
Author "" appears to have only 1 package on PyPI (new or inactive account)

✓ Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with agentmesh_marketplace

Create a Python-based mini-application called 'AgentMesh Explorer' that leverages the 'agentmesh_marketplace' package to provide a user-friendly interface for managing plugins related to the Agent Governance Toolkit. This application should allow users to browse through available plugins, install them, and manage their installed plugins from one centralized location.

### Features:
- **Plugin Discovery**: Users should be able to search for plugins by name or category. The application should display relevant details about each plugin such as its description, version, and any associated documentation links.
- **Installation**: Provide an option for users to install selected plugins directly from the application. Ensure that the installation process is seamless and includes any necessary dependencies.
- **Management Interface**: After installation, users should be able to view, update, or uninstall their plugins within the application. Additionally, the application should check for updates and notify users of newer versions of their installed plugins.
- **Verification**: Implement a feature where the application verifies the integrity and authenticity of the installed plugins using digital signatures or similar mechanisms.

### Utilization of 'agentmesh_marketplace':
- Use 'agentmesh_marketplace' to handle the discovery of plugins by querying the marketplace API for a list of available plugins. Display these results in your application.
- For installation, utilize 'agentmesh_marketplace' to download and install plugins on the user's system. Ensure that the installation process adheres to best practices for security and dependency management.
- When managing plugins, leverage 'agentmesh_marketplace' to keep track of installed plugins, their statuses, and any updates available.
- For verification, use the 'agentmesh_marketplace' package's capabilities to validate the plugins' authenticity and ensure they haven't been tampered with since installation.

Your task is to design and implement this mini-application using Python, ensuring it is well-documented and easy to use. Consider adding additional features such as a simple GUI or command-line interface to enhance user interaction.