agentvoy-guard

v0.1.0 suspicious
6.0
Medium Risk

Runtime guardrails enforcement for AI agents — reads agent.guard.yml and enforces limits at runtime

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package has a moderate risk score due to high metadata risk and potential shell execution risks, which could indicate potential malintent or supply-chain attack vectors.

  • High metadata risk due to suspicious git repository activity
  • Potential for executing shell commands poses a significant operational risk
Per-check LLM notes
  • Network: Wrapping network calls can be legitimate for enforcing policies or monitoring traffic.
  • Shell: Executing shell commands directly can pose a risk if not properly sanitized or intended for malicious purposes.
  • Obfuscation: No obfuscation patterns detected, indicating low risk of malicious activity.
  • Credentials: No credential harvesting patterns detected, suggesting the package is not engaging in secret theft.
  • Metadata: High risk due to suspicious git repository activity and maintainer history.

📦 Package Quality Overall: Low (4.0/10)

◈ Medium Test Suite 6.0

Partial test coverage signals detected

  • 1 test file(s) detected (e.g. test_guard.py)
◈ Medium Documentation 5.0

Some documentation present

  • Detailed PyPI description (3206 chars)
○ Low Contributing Guide 2.0

No contributing guide or governance files found

  • No CONTRIBUTING, CODE_OF_CONDUCT, or governance files found
◈ Medium Type Annotations 5.0

Partial type annotation coverage

  • 38 type-annotated function signatures detected in source
○ Low Multiple Contributors 2.0

Single-author or unverifiable project

  • 1 unique contributor(s) across 3 commits in agentvoy/guard
  • Single author with few commits — possibly a personal or throwaway project

🔬 Heuristic Checks

Outbound Network Calls score 1.5

Found 1 network call pattern(s)

  • rkEnforcer: """ Wraps urllib.request.urlopen and optionally requests/httpx to enforce network
Code Obfuscation

No obfuscation patterns detected

Shell / Subprocess Execution score 4.0

Found 2 shell execution pattern(s)

  • ellBlockedError): os.system("echo hello") def test_subprocess_blocked(): cfg = Agen
  • ellBlockedError): subprocess.run(["echo", "hello"]) # ── Summary ──────────────────────────
Credential Harvesting

No credential harvesting patterns detected

Typosquatting

No typosquatting candidates detected

Registered Email Domain

Email domain looks legitimate: gmail.com>

Suspicious Page Links

All external links appear legitimate

Git Repository History score 7.5

Git history flags: Repository has zero stars and zero forks

  • Repository has zero stars and zero forks
  • Single contributor with only 3 commit(s) — possibly throwaway account
  • All 3 commits happened within 24 hours
Maintainer History score 6.0

3 maintainer concern(s) found

  • Only one version has ever been released — brand new package
  • Author name is missing or very short
  • Author "" appears to have only 1 package on PyPI (new or inactive account)
Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with agentvoy-guard 
Create a Python-based mini-application named 'GuardedAgent' that utilizes the 'agentvoy-guard' package to manage and enforce runtime guardrails for AI agents. This application will serve as a sandbox environment where users can upload their custom AI agent scripts, define guardrails in a YAML file ('agent.guard.yml'), and run these agents within a controlled and safe environment. The primary goal is to ensure that AI agents operate within specified boundaries, such as limiting resource usage, enforcing ethical guidelines, and preventing harmful actions.

### Features:
1. **User Interface**: Develop a simple command-line interface (CLI) for interacting with the application. Users should be able to upload their AI agent script and the corresponding 'agent.guard.yml' file.
2. **Guardrails Definition**: Allow users to specify various types of guardrails in 'agent.guard.yml', including but not limited to:
   - Resource limits (CPU, memory)
   - Time constraints (execution duration)
   - Ethical guidelines (avoidance of harmful content, etc.)
3. **Runtime Enforcement**: Use the 'agentvoy-guard' package to monitor and enforce these guardrails during the execution of the AI agent. The application should dynamically adjust based on the defined guardrails.
4. **Feedback Mechanism**: Provide real-time feedback to the user about any violations of the guardrails. If a violation occurs, the application should terminate the agent's execution safely and notify the user.
5. **Logging & Reporting**: Implement logging to record all interactions and outcomes, and generate a report summarizing the execution details and any guardrail violations.
6. **Security Enhancements**: Ensure the application is secure by validating inputs, sanitizing data, and handling exceptions gracefully.

### Utilization of 'agentvoy-guard':
- Integrate the 'agentvoy-guard' package into your application to parse the 'agent.guard.yml' file and apply the specified guardrails at runtime.
- Use the package's functionalities to dynamically monitor the AI agent's behavior and enforce the guardrails accordingly.
- Leverage the package's ability to handle complex scenarios, such as adaptive thresholds and dynamic policy adjustments, to enhance the robustness of your application.

This project aims to demonstrate the practical application of 'agentvoy-guard' in ensuring that AI agents operate within predefined and ethical boundaries, providing a valuable tool for developers and researchers working with AI.