agledger

v0.8.15 suspicious
5.0
Medium Risk

AGLedger SDK — Accountability and audit infrastructure for agentic systems.

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package exhibits a moderate level of risk due to potential obfuscation and incomplete metadata, which may indicate underlying issues or malicious intent.

  • Moderate obfuscation risk
  • Incomplete maintainer information

Per-check LLM notes
  • Network: Network calls are expected for packages that interact with external services or APIs.
  • Shell: No shell execution patterns were detected.
  • Obfuscation: The use of base64 decoding and hashing suggests cryptographic operations which could be legitimate, but the obfuscated code structure raises some suspicion.
  • Credentials: No clear patterns indicative of credential harvesting were found.
  • Metadata: The repository has low activity and the maintainer information is incomplete, raising some suspicion.

📦 Package Quality Overall: Medium (6.6/10)

✦ High Test Suite 9.0

Test suite present — 15 test file(s) found

  • Test runner config found: pyproject.toml
  • 15 test file(s) detected (e.g. test_client.py)

◈ Medium Documentation 5.0

Some documentation present

  • Detailed PyPI description (9228 chars)

○ Low Contributing Guide 4.0

No contributing guide or governance files found

  • Development Status classifier >= Beta

◈ Medium Type Annotations 7.0

Partial type annotation coverage

  • Classifier: Typing :: Typed
  • Type checker (mypy / pyright / pytype) referenced in project
  • 544 type-annotated function signatures detected in source

✦ High Multiple Contributors 8.0

Active multi-contributor project

  • 3 unique contributor(s) across 8 commits in agledger-ai/sdk-python
  • Small but multi-author team (3–4 contributors)

🔬 Heuristic Checks

Outbound Network Calls score 3.0

Found 2 network call pattern(s)

  • self._client = http_client or httpx.Client(timeout=timeout) self._owns_client = http_client is
  • self._client = http_client or httpx.AsyncClient(timeout=timeout) self._owns_client = http_client is

Code Obfuscation score 10.0

Found 6 obfuscation pattern(s)

  • outcome = verify_cose_sign1(base64.b64decode(str(cose_sign1_b64)), public_key) return "invalid" if ou
  • t-cutover. envelope = base64.b64decode(str(leaf.get("cose_sign1"))) recomputed = hashlib.sh
  • loaded = _load_der_public_key(base64.b64decode(entry.spki_base64)) if not isinstance(loaded, _Ed255
  • .", ) envelope = base64.b64decode(cose_sign1_b64) recomputed = hashlib.sha256(envelope).he
  • ) from err raw = base64.b64decode(base64_key) if len(raw) == 32: return Ed25519Pub
  • try: signature = base64.b64decode(sig_field[1:-1]) except Exception: return False

Shell / Subprocess Execution

No shell execution patterns detected

Credential Harvesting

No credential harvesting patterns detected

Typosquatting

No typosquatting candidates detected

Registered Email Domain

Email domain looks legitimate: agledger.ai

Suspicious Page Links

All external links appear legitimate

Git Repository History score 2.5

Git history flags: Repository has zero stars and zero forks

  • Repository has zero stars and zero forks

Maintainer History score 4.0

2 maintainer concern(s) found

  • Author name is missing or very short
  • Author "" appears to have only 1 package on PyPI (new or inactive account)

Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with agledger
Create a mini-application called 'AgentAuditLog' using the Python package 'agledger'. This application will serve as an accountability and audit tool for a simple agentic system, such as a chatbot or any automated decision-making process. Your task is to design and implement a system where actions performed by the agent are logged and can be audited later.

Step 1: Set up your development environment with Python and install the 'agledger' package.

Step 2: Define a simple agent that performs actions (e.g., responding to user queries, making decisions based on inputs).

Step 3: Integrate 'agledger' into your application to log every action taken by the agent. Ensure that each log entry includes relevant details like the action performed, time of action, and any data involved.

Step 4: Implement a feature to query these logs. Users should be able to search for specific actions based on criteria such as time range, type of action, etc.

Step 5: Add an audit trail functionality that allows reviewing the sequence of events leading to a particular state of the system. This could be useful for debugging or understanding the reasoning behind certain outcomes.

Suggested Features:
- User interface for querying logs (command line or web-based)
- Support for exporting logs in various formats (CSV, JSON)
- Real-time logging capabilities
- Notifications when certain types of actions occur (e.g., via email or SMS)

Utilization of 'agledger': Use 'agledger' to manage the ledger of actions performed by the agent. Each entry in the ledger should represent an action taken by the agent, including metadata that helps in auditing. Leverage 'agledger' functionalities to ensure the integrity and immutability of the logs.