agentpassport-registry

v0.3.4 suspicious
5.0
Medium Risk

Trusted agent registry with AgentCard signature verification

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package has low risks in terms of network, shell execution, and obfuscation, but its low maintenance and poor metadata quality raise concerns about potential supply-chain issues.

  • Low maintenance and poor metadata quality
  • No detected network calls, shell execution, or obfuscation
Per-check LLM notes
  • Network: No network calls detected, which is normal if the package does not require external communications.
  • Shell: No shell execution patterns detected, indicating no immediate signs of executing system commands.
  • Obfuscation: No obfuscation patterns detected, indicating low risk.
  • Credentials: No credential harvesting patterns detected, indicating low risk.
  • Metadata: The package shows low maintenance and metadata quality, raising some suspicion but not conclusive evidence of malice.

📦 Package Quality Overall: Low (2.0/10)

○ Low Test Suite 1.0

No test suite detected

  • No test files or test-runner configuration detected
○ Low Documentation 1.0

No documentation detected

  • No documentation URL, doc files, or meaningful description found
○ Low Contributing Guide 2.0

No contributing guide or governance files found

  • No CONTRIBUTING, CODE_OF_CONDUCT, or governance files found
◈ Medium Type Annotations 5.0

Partial type annotation coverage

  • 15 type-annotated function signatures detected in source
○ Low Multiple Contributors 1.0

Unable to verify contributor count: no GitHub repository found

  • No GitHub repository linked — contributor count unavailable

🔬 Heuristic Checks

Outbound Network Calls

No suspicious network call patterns found

Code Obfuscation

No obfuscation patterns detected

Shell / Subprocess Execution

No shell execution patterns detected

Credential Harvesting

No credential harvesting patterns detected

Typosquatting

No typosquatting candidates detected

Registered Email Domain

No author email provided

Suspicious Page Links

All external links appear legitimate

Git Repository History

No GitHub repository linked

  • No GitHub repository link found
Maintainer History score 6.0

3 maintainer concern(s) found

  • Author name is missing or very short
  • Author "" appears to have only 1 package on PyPI (new or inactive account)
  • Package has no PyPI classifiers (low effort / metadata quality)
Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with agentpassport-registry 
Develop a mini-application named 'AgentTrustVerifier' using Python, which leverages the 'agentpassport-registry' package to verify the authenticity of agents based on their digital signatures stored in AgentCards. This application should serve as a reliable tool for organizations or individuals to ensure they are interacting with trusted entities. Here’s a detailed outline of the project requirements and features:

1. **User Interface**: Design a simple yet intuitive user interface where users can input the URL or identifier of an AgentCard.
2. **AgentCard Verification**: Implement functionality to fetch and parse the AgentCard data from the provided URL/identifier. Use the 'agentpassport-registry' package to validate the signature of the AgentCard, ensuring its authenticity.
3. **Trusted Registry Integration**: Integrate with the 'agentpassport-registry' to check if the verified AgentCard is listed as trusted within the registry.
4. **Reporting System**: Create a reporting system that outputs whether the AgentCard is trusted or not, along with any relevant metadata such as the agent's name, contact information, and any endorsements or badges they may hold.
5. **Security Measures**: Ensure all interactions with the 'agentpassport-registry' and handling of AgentCards comply with best security practices, including secure storage of any fetched data and proper error handling.
6. **Extensibility**: Design the application to be easily extendable so additional features can be added later, such as support for different types of digital signatures or integration with other trusted registries.
7. **Documentation**: Provide comprehensive documentation detailing how to install and use the application, including examples of valid AgentCards and expected output formats.

By completing this project, you will have built a robust and useful tool for verifying the trustworthiness of agents in various professional contexts.