agentsecrets

v2.0.0 suspicious
6.0
Medium Risk

Python SDK for AgentSecrets — zero-knowledge secrets infrastructure for AI agents

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package exhibits elevated network and shell execution risks, indicating potential unauthorized data transmission or unexpected behaviors. However, with no concrete evidence of malicious intent, it remains suspicious.

  • High network risk due to unspecified external API calls
  • Elevated shell risk from potential command execution

Per-check LLM notes
  • Network: Network calls to external APIs without clear purpose may indicate unauthorized data transmission.
  • Shell: Execution of external binaries and commands might be used for unexpected behaviors or to establish a backdoor.
  • Metadata: The maintainer's author information is incomplete and they may be new or inactive, raising some suspicion but not conclusive evidence of malice.

📦 Package Quality Overall: Medium (6.6/10)

✦ High Test Suite 9.0

Test suite present — 9 test file(s) found

  • Test runner config found: conftest.py
  • Test runner config found: pyproject.toml
  • 9 test file(s) detected (e.g. conftest.py)

◈ Medium Documentation 7.0

Some documentation present

  • Documentation URL: "Documentation" -> https://github.com/The-17/agentsecrets-sdk#readme
  • Detailed PyPI description (16692 chars)

○ Low Contributing Guide 2.0

No contributing guide or governance files found

  • No CONTRIBUTING, CODE_OF_CONDUCT, or governance files found

◈ Medium Type Annotations 7.0

Partial type annotation coverage

  • Classifier: Typing :: Typed
  • 83 type-annotated function signatures detected in source

✦ High Multiple Contributors 8.0

Active multi-contributor project

  • 3 unique contributor(s) across 11 commits in The-17/agentsecrets-sdk
  • Small but multi-author team (3–4 contributors)

🔬 Heuristic Checks

Outbound Network Calls score 9.0

Found 6 network call pattern(s)

  • onse() session = requests.Session() session.get( "https://api.stri
  • onse() session = requests.Session() session.post( "https://api.exa
  • = time.monotonic() with httpx.Client(timeout=timeout) as client: resp = client.request(
  • e.monotonic() async with httpx.AsyncClient(timeout=timeout) as client: resp = await client.req
  • H}" try: resp = httpx.get(url, timeout=3) resp.raise_for_status() da
  • ansport(handler) with httpx.Client(transport=transport) as client: client.get(

Code Obfuscation

No obfuscation patterns detected

Shell / Subprocess Execution score 6.0

Found 3 shell execution pattern(s)

  • try: result = subprocess.run( full_cmd, capture_output=capture,
  • binary = find_binary() subprocess.Popen( [binary, "proxy", "start", "--port", str(port)],
  • derr"] = None result = subprocess.run(full_cmd, **kwargs) # noqa: S603 return SpawnResult(

Credential Harvesting

No credential harvesting patterns detected

Typosquatting

No typosquatting candidates detected

Registered Email Domain

Email domain looks legitimate: theseventeen.dev

Suspicious Page Links

All external links appear legitimate

Git Repository History

Repository The-17/agentsecrets-sdk appears legitimate

Maintainer History score 4.0

2 maintainer concern(s) found

  • Author name is missing or very short
  • Author "" appears to have only 1 package on PyPI (new or inactive account)

Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with agentsecrets
Create a Python-based mini-application named 'AgentSecChat' that integrates with the AgentSecrets SDK to provide secure, zero-knowledge management of sensitive information for AI agents. This application will allow users to store, retrieve, and manage their secrets in a way that ensures privacy and security without exposing the actual data to the service provider. Here are the steps and features to include:

1. **Setup**: Install the necessary Python packages including `agentsecrets` and any other dependencies.
2. **User Authentication**: Implement a simple user authentication mechanism to ensure only authorized users can access their secrets.
3. **Secret Management**: Provide functionalities to add, update, delete, and retrieve secrets. Secrets could be passwords, API keys, or any sensitive data needed by AI agents.
4. **Zero-Knowledge Assurance**: Utilize the core features of the `agentsecrets` package to ensure that the service never has access to the plaintext of the stored secrets. All operations should be performed in a manner that maintains the integrity and confidentiality of the data.
5. **Integration with AI Agents**: Demonstrate how these managed secrets can be securely accessed and used by an AI agent (e.g., a chatbot or a decision-making algorithm) without compromising the secrecy of the stored data.
6. **Documentation and User Interface**: Develop a simple command-line interface (CLI) for interacting with the secret management system and include comprehensive documentation on how to use the application and integrate it into existing workflows.

This project aims to showcase the practical application of the `agentsecrets` package in building secure, privacy-focused applications for managing sensitive information in AI contexts.