agt_sandbox v4.0.1

Verdict: suspicious. Risk score 6.0 (Medium Risk)

Agent Sandbox: sandbox execution isolation for AI agents

🤖 AI Analysis

Final verdict: SUSPICIOUS

The heuristic checks flag shell execution, obfuscation and sensitive-file patterns, and taken at face value those could serve a malicious payload. Every quoted match, however, sits in test code: functions named test_..., a code fixture handed to scan_code_for_subprocesses, a parametrised list pairing code strings with the pattern names they should trigger, and failure messages such as "reachable from inside the sandbox". That is the shape of a sandboxing library testing its own scanner and isolation, and there are no signs of a supply-chain attack. The verdict stays SUSPICIOUS because substring matching cannot distinguish fixtures from live code; before use, the shipped distribution should be checked for the same calls in non-test modules and for anything that runs at import time.

  • High shell risk: subprocess.run(['ls']) and os.system('id') patterns, all quoted from test functions and their string fixtures
  • High obfuscation risk: base64 decoding, __import__ and pty.spawn patterns, likewise quoted from test code
Per-check LLM notes
  • Network: One outbound call, socket.create_connection(('1.1.1.1', 80), timeout=2), i.e. a connectivity probe. Benign on its face, but confirm where it runs (test-only, or at import or runtime): a probe is still an unsolicited connection from the host.
  • Shell: The subprocess.run(['ls']) and os.system('id') strings appear inside test functions, either as a code fixture passed to scan_code_for_subprocesses or as a code string submitted together with a session id in a rule-evaluation test. They exercise the package's own subprocess detection rather than running commands on the host; the assessment would change if the same calls appeared in runtime modules.
  • Obfuscation: base64.b64decode occurs in a round-trip assertion (decode(encoded) == src), __import__("sys") in a monkeypatch of sys.modules, and "__import__('subprocess').run(['ls'])" alongside "pty.spawn" as entries of a parametrised test list, each paired with the pattern name it should trigger. These are scanner test cases, not hidden command execution.
  • Credentials: "../etc/passwd" is the rejected input of test_delete_checkpoint_rejects_bad_..., a path-traversal test, and /etc/hosts appears in isolation tests asserting that the host's file is not reachable from inside the sandbox. They test that access is blocked rather than attempt to read anything; the moderate score reflects only that the heuristic cannot see this context.
  • Metadata: The PyPI author field is empty, which is why the maintainer-history check reports a missing name and a single package. The registered email domain (microsoft.com) and the repository (microsoft/agent-governance-toolkit, 14 contributors across 100 commits) weigh against a throwaway account; the empty field is a packaging-metadata gap, not evidence of malice.

📦 Package Quality Overall: Medium (7.4/10)

✦ High Test Suite 9.0

Test suite present — 8 test file(s) found

  • Test runner config found: pyproject.toml
  • 8 test file(s) detected (e.g. __init__.py)
◈ Medium Documentation 7.0

Some documentation present

  • Documentation URL: "Documentation" -> https://github.com/microsoft/agent-governance-toolkit#readme
  • Detailed PyPI description (11247 chars)
○ Low Contributing Guide 4.0

No contributing guide or governance files found

  • Development Status classifier >= Beta
◈ Medium Type Annotations 7.0

Partial type annotation coverage

  • Classifier: Typing :: Typed
  • 99 type-annotated function signatures detected in source
✦ High Multiple Contributors 10.0

Active multi-contributor project

  • 14 unique contributor(s) across 100 commits in microsoft/agent-governance-toolkit
  • Active community — 5 or more distinct contributors

🔬 Heuristic Checks

Outbound Network Calls score 1.5

Found 1 network call pattern(s)

  • try: socket.create_connection(('1.1.1.1', 80), timeout=2) print('conne
Code Obfuscation score 6.0

Found 3 obfuscation pattern(s)

  • cmd.split()[1] assert base64.b64decode(encoded).decode("utf-8") == src def test_success_result
  • keypatch.setitem( __import__("sys").modules, "agent_os.policies.evaluator",
  • , "pty.spawn"), ("__import__('subprocess').run(['ls'])", "subprocess.run"), ], ) def t
Shell / Subprocess Execution score 6.0

Found 3 shell execution pattern(s)

  • subprocess.run(['ls']) print("os.system('id')") """ assert scan_code_for_subprocesses(code)
  • ssion_id, "import subprocess; subprocess.run(['ls'])" ) def test_rule_allow_passes_throu
  • s(self): code = """ # subprocess.run(['ls']) print("os.system('id')") """ assert scan_cod
Credential Harvesting score 10.0

Found 4 credential access pattern(s)

  • "a1", h.session_id, "../etc/passwd" ) def test_delete_checkpoint_rejects_bad_
  • ers\\etc\\hosts`` (or ``/etc/hosts`` on Linux) raises ``FileNotFoundError`` from inside
  • " " with open('/etc/hosts') as f:\n" " f.read(1)\n" "
  • ocked", ( "host's /etc/hosts was reachable from inside the sandbox — " "file
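The hits above are substring matches, and the quoted context (def test_..., assert scan_code_for_subprocesses(code), "reachable from inside the sandbox") shows that most of them are test fixtures. The following Python is an added example, not code from agt_sandbox or from the tool that produced this report: it re-runs the same four pattern families over a constructed source tree using the AST instead of raw text, so that a call executed in runtime code is counted separately from the same text inside a string literal or a test module. The sample files, their paths and the helper names in them (scan_code_for_subprocesses, run_in_sandbox, store.delete_checkpoint, hypothetical_bad_pkg) are assumptions modelled on the snippets quoted above, not the package's real layout.

```python
"""Context-aware pass over the report's four heuristic pattern families. Added example, not
code from agt_sandbox or from the scanner behind this report: each hit records whether the
pattern is an executed call in runtime code or only text in a string literal or test module."""
import ast
import re
from dataclasses import dataclass

# Calls the network / shell / obfuscation checks key on, then the same names or credential
# paths occurring as text inside a string literal (never executed by the module itself).
CALL_PATTERNS = {
    "network": {"socket.create_connection", "urllib.request.urlopen"},
    "shell": {"subprocess.run", "subprocess.Popen", "subprocess.call", "os.system", "os.popen"},
    "obfuscation": {"base64.b64decode", "__import__", "pty.spawn", "exec", "eval"},
}
STRING_PATTERNS = {
    "shell": re.compile(r"subprocess\.\w+\(|os\.system\("),
    "obfuscation": re.compile(r"base64\.b64decode\(|__import__\(|pty\.spawn\("),
    "credentials": re.compile(r"/etc/passwd|/etc/hosts|/etc/shadow|\.aws/credentials|id_rsa"),
}
TEST_FILE = re.compile(r"(^|/)tests?/|(^|/)test_[^/]+\.py$|_test\.py$|(^|/)conftest\.py$")


@dataclass
class Hit:
    path: str
    category: str
    lineno: int
    evidence: str
    executed: bool      # a real call, or a sensitive path handed straight to a call
    in_test_file: bool  # module that only runs under the test suite


def _dotted(node):
    """'subprocess.run' for subprocess.run(...); None for chained calls such as f().run()."""
    if isinstance(node, ast.Name):
        return node.id
    if isinstance(node, ast.Attribute):
        base = _dotted(node.value)
        return f"{base}.{node.attr}" if base else None
    return None


def scan_source(path, source):
    tree = ast.parse(source)
    parent = {c: n for n in ast.walk(tree) for c in ast.iter_child_nodes(n)}
    in_test = bool(TEST_FILE.search(path))
    hits = []
    for node in ast.walk(tree):
        if isinstance(node, ast.Call):
            name = _dotted(node.func)
            for category, names in CALL_PATTERNS.items():
                if name in names:
                    hits.append(Hit(path, category, node.lineno, name + "(", True, in_test))
        elif isinstance(node, ast.Constant) and isinstance(node.value, str):
            # open('/etc/passwd') really uses the path; "subprocess.run(['ls'])" inside a
            # string is data as far as this module is concerned (here: a test fixture).
            direct_arg = isinstance(parent.get(node), ast.Call)
            for category, pattern in STRING_PATTERNS.items():
                for m in pattern.finditer(node.value):
                    executed = category == "credentials" and direct_arg
                    hits.append(Hit(path, category, node.lineno, m.group(0), executed, in_test))
    return hits


def summarize(files):
    """Per category: 'runtime' = executed outside the test suite, 'fixture' = everything else."""
    summary = {}
    for path, src in files.items():
        for h in scan_source(path, src):
            bucket = "runtime" if h.executed and not h.in_test_file else "fixture"
            summary.setdefault(h.category, {"runtime": 0, "fixture": 0})[bucket] += 1
    return summary


# Constructed sample tree: the agt_sandbox/ files are modelled on the snippets quoted in the
# report (paths, helper names and fixtures are assumed); the last file is a hypothetical
# package that really executes the same patterns, for contrast.
SAMPLE_FILES = {
    "agt_sandbox/tests/test_scanner.py": (
        "def test_scan_detects_subprocess():\n"
        "    code = '''\n"
        "    # subprocess.run(['ls'])\n"
        "    print(\"os.system('id')\")\n"
        "    '''\n"
        "    assert scan_code_for_subprocesses(code)\n"
        "def test_roundtrip(encoded, src):\n"
        "    assert base64.b64decode(encoded).decode('utf-8') == src\n"
    ),
    "agt_sandbox/tests/test_isolation.py": (
        "def test_hosts_not_readable(run_in_sandbox):\n"
        "    snippet = \"with open('/etc/hosts') as f:\\n    f.read(1)\\n\"\n"
        "    assert not run_in_sandbox(snippet), 'host /etc/hosts was reachable from inside the sandbox'\n"
        "def test_rejects_traversal(store):\n"
        "    assert store.delete_checkpoint('../etc/passwd') is False\n"
    ),
    "agt_sandbox/netcheck.py": (
        "import socket\n"
        "def online():\n"
        "    return socket.create_connection(('1.1.1.1', 80), timeout=2) is not None\n"
    ),
    "hypothetical_bad_pkg/__init__.py": (
        "import base64, subprocess\n"
        "cmd = base64.b64decode('aWQ=').decode()  # 'aWQ=' is base64 for 'id'\n"
        "subprocess.run(cmd, shell=True)\n"
        "secrets = open('/etc/passwd').read()\n"
    ),
}
```

On the agt_sandbox-like files alone, only the network probe lands in the runtime bucket; the hypothetical_bad_pkg file shows what the same patterns look like when a module actually runs them. The remaining blind spot is dynamic execution: a runtime module that passes a string to exec() or to a sandbox session would still appear as fixture text, which is why a verdict should be settled by reading those call sites rather than by the counts alone.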
Typosquatting

No typosquatting candidates detected

Registered Email Domain

Email domain looks legitimate: microsoft.com

Suspicious Page Links

All external links appear legitimate

Git Repository History

Repository microsoft/agent-governance-toolkit appears legitimate

Maintainer History score 4.0

2 maintainer concern(s) found

  • Author name is missing (empty author field in the package metadata)
  • Author "" appears to have only 1 package on PyPI (new or inactive account); with an empty author field this lookup says nothing about the real maintainer, so weigh it against the email-domain and repository checks above
Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with agt_sandbox
Create a Python-based web application that allows users to safely execute untrusted code snippets in a controlled environment using the 'agt_sandbox' package. This application will serve as a sandboxed code evaluation tool, where users can input any Python code and see the output without risking the host system's security. The application should have the following features:

1. A simple user interface (UI) that accepts Python code from the user.
2. Integration of 'agt_sandbox' to run the provided code snippets within a secure, isolated environment.
3. Displaying the output of the executed code back to the user.
4. Handling errors gracefully, ensuring that any exceptions thrown during execution are caught and presented to the user in a user-friendly manner.
5. Logging of all executed code and its outputs for auditing purposes.
6. Optional feature: allowing users to specify the maximum time the code can run before being terminated to prevent infinite loops or resource exhaustion.
7. Optional feature: providing a set of predefined libraries and modules that can be imported and used in the code snippets, while restricting access to dangerous system functions.

The 'agt_sandbox' package supplies the isolated execution environment for this project. Confirm in its documentation which of the resource limits, time limits and logging listed above it enforces itself; whatever it does not cover (the audit log in particular) must be implemented in the application, and untrusted code must never be evaluated outside the sandbox boundary, including in error-handling paths.