agentpki

v0.2.0a1 safe
4.0
Medium Risk

Python SDK for AgentPKI — cryptographic identity for AI agents. PASETO v4 passports, Ed25519 signing, RFC 9421 HTTP Message Signatures.

🤖 AI Analysis

Final verdict: SAFE

The package exhibits typical network behavior without any shell execution risks. Although the metadata suggests some caution due to low activity and a single contributor, there is no concrete evidence of malicious intent.

  • Network risk is low with typical HTTP request patterns.
  • No shell execution detected.
Per-check LLM notes
  • Network: The observed network patterns are typical for making HTTP requests, possibly for fetching configurations or other resources, which is not inherently suspicious.
  • Shell: No shell execution patterns were detected, indicating no immediate risk from command execution.
  • Metadata: The repository's low activity and single contributor suggest potential risk.

📦 Package Quality Overall: Low (3.4/10)

○ Low Test Suite 1.0

No test suite detected

  • No test files or test-runner configuration detected
◈ Medium Documentation 5.0

Some documentation present

  • Detailed PyPI description (1047 chars)
○ Low Contributing Guide 2.0

No contributing guide or governance files found

  • No CONTRIBUTING, CODE_OF_CONDUCT, or governance files found
◈ Medium Type Annotations 7.0

Partial type annotation coverage

  • Classifier: Typing :: Typed
  • 32 type-annotated function signatures detected in source
○ Low Multiple Contributors 2.0

Single-author or unverifiable project

  • 1 unique contributor(s) across 3 commits in agentpki/sdk-python
  • Single author with few commits — possibly a personal or throwaway project

🔬 Heuristic Checks

Outbound Network Calls score 4.5

Found 3 network call pattern(s)

  • self._client = client or httpx.Client() self._own_client = client is None def request
  • own_client: client = httpx.AsyncClient(timeout=timeout_seconds) try: res = await client
  • gentpki-issuer.json" with httpx.Client(timeout=timeout_seconds) as client: try:
Code Obfuscation score 4.0

Found 2 obfuscation pattern(s)

  • len(b64) % 4) % 4) return base64.b64decode(padded) """Type definitions for AgentPKI Protocol v0.1. Fi
  • - len(s) % 4) % 4) return base64.b64decode(padded.encode("ascii")) def le64(n: int) -> bytes: """
Shell / Subprocess Execution

No shell execution patterns detected

Credential Harvesting

No credential harvesting patterns detected

Typosquatting

No typosquatting candidates detected

Registered Email Domain

No author email provided

Suspicious Page Links

All external links appear legitimate

Git Repository History score 5.0

Git history flags: Repository has zero stars and zero forks

  • Repository has zero stars and zero forks
  • Single contributor with only 3 commit(s) — possibly throwaway account
Maintainer History score 2.0

1 maintainer concern(s) found

  • Author "AgentPKI" appears to have only 1 package on PyPI (new or inactive account)
Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with agentpki 
Create a mini-application that acts as a secure communication tool between AI agents using the 'agentpki' package. This tool will enable two AI agents to exchange messages securely over HTTP, ensuring that each message is signed and verified using Ed25519 signatures and PASETO v4 passports. The application should also support HTTP Message Signatures as per RFC 9421 for added security.

Steps to build the application:
1. Set up the development environment with Python and install the 'agentpki' package.
2. Implement key generation for both sending and receiving agents using Ed25519.
3. Develop a function to create PASETO v4 passports for authentication purposes.
4. Design a messaging system where messages are signed before being sent and verified upon receipt.
5. Integrate HTTP Message Signatures for securing HTTP requests.
6. Create a simple user interface (CLI or GUI) for sending and receiving messages between agents.
7. Test the application thoroughly to ensure that all security measures are functioning correctly.

Suggested Features:
- User-friendly interface for key management (viewing, exporting, importing).
- Logging of all activities including failed verification attempts.
- Support for encryption of messages in addition to signing.
- Integration with a simple database to store conversation history.

Utilization of 'agentpki':
- Use 'agentpki' for generating and managing keys for the AI agents.
- Leverage 'agentpki' for creating and verifying PASETO v4 passports.
- Employ 'agentpki' to sign and verify HTTP messages according to RFC 9421.