Package Metadata

Author: —
Email: "Jascha Wanger / ThirdKey.ai" <[email protected]>
PyPI: agentpin
Python: >=3.8
Versions: 4 releases
First release: 09 Feb 2026, 06:41 UTC
Analysed: 06 Jun 2026, 11:20 UTC
Source files: 46 .py files scanned

Project Links

Classifiers

Development Status :: 3 - AlphaIntended Audience :: DevelopersLicense :: OSI Approved :: MIT LicenseProgramming Language :: Python :: 3Programming Language :: Python :: 3.10Programming Language :: Python :: 3.11Programming Language :: Python :: 3.12Programming Language :: Python :: 3.8Programming Language :: Python :: 3.9Topic :: Security :: Cryptography

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package is suspected to have some level of risk due to its incomplete maintainer profile and new account status, despite showing no clear signs of malicious activities in other categories.

Incomplete maintainer profile and new account suggest potential risk.
No clear evidence of malicious activities in network, shell, obfuscation, or credential risks.

Per-check LLM notes

Network: The observed network calls are likely for fetching identity or configuration data and are not inherently suspicious unless the URLs are known to be malicious.
Shell: No shell execution patterns were detected.
Obfuscation: The observed pattern likely represents legitimate cryptographic operations rather than obfuscation.
Credentials: No patterns indicative of credential harvesting were detected.
Metadata: The maintainer has an incomplete profile and a new account, which may indicate potential risk but does not conclusively point to malicious intent.

📦 Package Quality Overall: Medium (5.8/10)

✦ High Test Suite 9.0

Test suite present — 22 test file(s) found

Test runner config found: pyproject.toml
22 test file(s) detected (e.g. test_a2a.py)

◈ Medium Documentation 5.0

Some documentation present

Detailed PyPI description (5218 chars)

○ Low Contributing Guide 2.0

No contributing guide or governance files found

No CONTRIBUTING, CODE_OF_CONDUCT, or governance files found

◈ Medium Type Annotations 5.0

Partial type annotation coverage

106 type-annotated function signatures detected in source

✦ High Multiple Contributors 8.0

Active multi-contributor project

4 unique contributor(s) across 47 commits in thirdkeyai/agentpin
Small but multi-author team (3–4 contributors)

🔬 Heuristic Checks

⚠ Outbound Network Calls score 4.5

Found 3 network call pattern(s)

ent-identity.json" resp = requests.get(url, headers={"Accept": "application/json"}, allow_redirects
optional dep return requests.get( url, headers={"Accept": "applicatio
import requests resp = requests.get(url, headers={"Accept": "application/json"}, timeout=10)

⚠ Code Obfuscation score 2.0

Found 1 obfuscation pattern(s)

ublicKey) sig_bytes = base64.b64decode(signature_b64) public_key.verify(sig_bytes, data, EC

✓ Shell / Subprocess Execution

No shell execution patterns detected

✓ Credential Harvesting

No credential harvesting patterns detected

✓ Typosquatting

No typosquatting candidates detected

✓ Registered Email Domain

Email domain looks legitimate: thirdkey.ai>

✓ Suspicious Page Links

All external links appear legitimate

✓ Git Repository History

Repository thirdkeyai/agentpin appears legitimate

⚠ Maintainer History score 4.0

2 maintainer concern(s) found

Author name is missing or very short
Author "" appears to have only 1 package on PyPI (new or inactive account)

✓ Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with agentpin

Create a mini-application called 'AIIdentityGuard' using the Python package 'agentpin'. This application will serve as a secure identity management tool for AI agents, allowing them to establish trust and communicate securely within a defined domain. Your task is to develop a user-friendly interface where users can register their AI agents, manage their identities, and verify the authenticity of other AI agents within their network. Here’s how you will achieve this:

1. **User Registration**: Allow users to create accounts and link their AI agents to these accounts. Each AI agent should have a unique identifier and be anchored to a specific domain.
2. **Identity Management**: Implement functionality for users to manage the cryptographic identities of their AI agents. Users should be able to generate new keys, update existing ones, and revoke old keys when necessary.
3. **Verification System**: Develop a verification system that allows AI agents to prove their identity to each other within the same domain. This should include a feature where AI agents can request and receive verification from others, ensuring that they are communicating with the correct entity.
4. **Security Features**: Utilize the 'agentpin' package to ensure all communication between AI agents is encrypted and that identities are anchored to a specific domain, enhancing security and preventing unauthorized access.
5. **Logging and Reporting**: Include logging and reporting capabilities so that users can track interactions and actions taken within the application.

The 'agentpin' package will be central to this project, providing the cryptographic foundation necessary for establishing and managing identities within the defined domains. It will handle the encryption and anchoring processes, ensuring that all data exchanged is secure and that identities are verified accurately. Your goal is to create a robust, secure, and user-friendly application that leverages the capabilities of 'agentpin' to enhance the security of AI communications.