Package Metadata

Author: Jean-Pierre Morard
Email: —
PyPI: agi-env
Python: >=3.11
Versions: 1 release
First release: 04 Jun 2026, 00:33 UTC
Analysed: 06 Jun 2026, 12:41 UTC
Source files: 62 .py files scanned

Project Links

Changelog Discussions Documentation Homepage Issues Repository Source

Classifiers

Development Status :: 4 - BetaIntended Audience :: DevelopersOperating System :: MacOSOperating System :: Microsoft :: WindowsOperating System :: POSIX :: LinuxProgramming Language :: Python :: 3Programming Language :: Python :: 3.11Programming Language :: Python :: 3.12Programming Language :: Python :: 3.13Programming Language :: Python :: 3.14

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package shows moderate risk due to its attempt to retrieve credentials from a keyring service, which may indicate potential credential harvesting. Additionally, the maintainer's limited history adds to the suspicion.

High credential risk
New maintainer with limited history

Per-check LLM notes

Obfuscation: No obfuscation patterns detected in the code snippet.
Credentials: The code attempts to retrieve a password from a keyring service, which could indicate potential credential harvesting unless it's part of a legitimate authentication process.
Metadata: The package is new and the maintainer has limited history, raising some suspicion but not conclusive evidence of malice.

📦 Package Quality Overall: Medium (6.4/10)

◈ Medium Test Suite 6.0

Partial test coverage signals detected

Test runner config found: pyproject.toml

◈ Medium Documentation 7.0

Some documentation present

Documentation URL: "Documentation" -> https://thalesgroup.github.io/agilab
Detailed PyPI description (1590 chars)

○ Low Contributing Guide 4.0

No contributing guide or governance files found

Development Status classifier >= Beta

◈ Medium Type Annotations 5.0

Partial type annotation coverage

174 type-annotated function signatures detected in source

✦ High Multiple Contributors 10.0

Active multi-contributor project

5 unique contributor(s) across 69 commits in ThalesGroup/agilab
Active community — 5 or more distinct contributors

🔬 Heuristic Checks

⚠ Outbound Network Calls score 3.0

Found 2 network call pattern(s)

, request_factory=urllib.request.Request, urlopen_fn=urllib.request.urlopen,
quest, urlopen_fn=urllib.request.urlopen, ) class ContentRenamer(BaseContentRename

✓ Code Obfuscation

No obfuscation patterns detected

⚠ Shell / Subprocess Execution score 4.0

Found 2 shell execution pattern(s)

try: pull_result = subprocess.run( ["git", "-C", str(git_root), "lfs", "pull", f"-
return False try: subprocess.run( ["cmd", "/c", "mklink", "/J", str(dest), str(so

⚠ Credential Harvesting score 2.5

Found 1 credential access pattern(s)

ng) try: secret = keyring.get_password(service, username) except keyring_errors as exc: # prag

✓ Typosquatting

No typosquatting candidates detected

✓ Registered Email Domain

No author email provided

✓ Suspicious Page Links

All external links appear legitimate

✓ Git Repository History

Repository ThalesGroup/agilab appears legitimate

⚠ Maintainer History score 6.0

3 maintainer concern(s) found

Only one version has ever been released — brand new package
Package is very new: uploaded 3 day(s) ago
Author "Jean-Pierre Morard" appears to have only 1 package on PyPI (new or inactive account)

✓ Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with agi-env

Build a simple Python application using the agi-env package to demonstrate its core features.