agentwitness

v0.1.0 suspicious
6.0
Medium Risk

Verifiable evidence for AI-assisted engineering

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package has notable risks associated with shell execution and credential handling, indicating potential misuse. While it does not exhibit clear signs of malicious intent, the combination of these risks warrants further investigation before considering it safe.

  • Shell execution risk
  • Potential credential harvesting activities
Per-check LLM notes
  • Network: No network calls detected, which is typical and not suspicious.
  • Shell: Shell execution may be part of the package's functionality, but requires scrutiny to ensure it's not being misused for privilege escalation or other malicious purposes.
  • Obfuscation: The use of base64 decoding with validation suggests an attempt to ensure data integrity rather than malicious obfuscation.
  • Credentials: The presence of keyring.get_password and references to sensitive files like /etc/hosts indicate potential unauthorized credential harvesting activities.
  • Metadata: The package shows signs of being new or from an inactive maintainer, raising some suspicion but not definitive evidence of malice.

📦 Package Quality Overall: Medium (5.2/10)

✦ High Test Suite 9.0

Test suite present: 19 test file(s) found

  • Test runner config found: conftest.py
  • Test runner config found: pyproject.toml
  • 19 test file(s) detected (e.g. conftest.py)
◈ Medium Documentation 5.0

Some documentation present

  • Detailed PyPI description (7346 chars)
○ Low Contributing Guide 2.0

No contributing guide or governance files found

  • No CONTRIBUTING, CODE_OF_CONDUCT, or governance files found
◈ Medium Type Annotations 5.0

Partial type annotation coverage

  • 207 type-annotated function signatures detected in source
◈ Medium Multiple Contributors 5.0

Limited contributor diversity

  • 1 unique contributor(s) across 58 commits in ConceptPending/agentwitness
  • Single author but highly active (58 commits)

🔬 Heuristic Checks

✓ Outbound Network Calls

No suspicious network call patterns found

⚠ Code Obfuscation score 4.0

Found 2 obfuscation pattern(s)

  • """ try: raw = base64.b64decode(public_key_b64, validate=True) except (ValueError, binas
  • try: signature = base64.b64decode(signature_b64, validate=True) except (ValueError, binasc
⚠ Shell / Subprocess Execution score 4.0

Found 2 shell execution pattern(s)

  • settings.json") result = subprocess.run([agentwitness_bin, "install"], env=env, capture_output=True,
  • rf_counter() result = subprocess.run( [agentwitness_bin, "hook"], input=p
⚠ Credential Harvesting score 10.0

Found 4 credential access pattern(s)

  • t length. """ value = keyring.get_password(SERVICE_NAME, label) if value is None: raise Key
  • nder ``label``.""" return keyring.get_password(SERVICE_NAME, label) is not None def _install_in_memory_ba
  • "tool_input": {"file_path": "/etc/hosts"}, "tool_use_id": "tu-1", } body = build_ev
  • y["resources"][0]["path"] == "/etc/hosts" def test_path_without_cwd_in_payload_stays_unchanged(
✓ Typosquatting

No typosquatting candidates detected

✓ Registered Email Domain

Email domain looks legitimate: nickw.info

✓ Suspicious Page Links

All external links appear legitimate

⚠ Git Repository History score 2.5

Git history flags: Repository has zero stars and zero forks

  • Repository has zero stars and zero forks
⚠ Maintainer History score 4.0

2 maintainer concern(s) found

  • Author name is missing or very short
  • Author "" appears to have only 1 package on PyPI (new or inactive account)
✓ Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with agentwitness
Create a mini-application named 'AuditAI' using Python that leverages the 'agentwitness' package to ensure verifiable evidence of AI-assisted engineering processes. This application will serve as a tool for developers to audit and verify the integrity of AI-generated code changes in their projects. Here's a step-by-step guide on how to build this application:

1. **Project Setup**: Initialize a new Python project and install necessary dependencies, including the 'agentwitness' package.
2. **Integration with Version Control Systems**: Integrate AuditAI with popular version control systems like Git to monitor and log AI-assisted commits.
3. **AI-Assisted Code Generation**: Implement a feature where users can input sections of code or entire files, and the application will suggest improvements or additions using an integrated AI model. Use 'agentwitness' to record the AI's suggestions and the final accepted changes.
4. **Verification Logs**: Develop a system to store logs of all AI-assisted changes, including timestamps, user actions, and the specific AI suggestions made. Ensure these logs are tamper-proof using 'agentwitness'.
5. **Audit Reports**: Create functionality for generating detailed audit reports that summarize all AI-assisted changes made within a specified timeframe, highlighting any discrepancies between suggested and actual changes.
6. **User Interface**: Design a simple yet effective user interface for interacting with AuditAI, allowing users to easily review and manage their logs and audit reports.
7. **Security Measures**: Implement security measures to protect the integrity of the verification logs and audit reports, ensuring that they cannot be altered without detection.
8. **Testing and Documentation**: Conduct thorough testing of all functionalities and prepare comprehensive documentation explaining how to use AuditAI and its integration with 'agentwitness'.

Suggested Features:
- Real-time monitoring of code changes.
- Customizable settings for AI suggestion frequency and type.
- Integration with multiple version control systems.
- Detailed analytics on AI impact on code quality.

In this project, 'agentwitness' will play a crucial role in ensuring that every action taken by the AI is recorded and verifiable, providing a robust audit trail for all AI-assisted activities.