ai-agent-passport

v0.2.2 suspicious
7.0
High Risk

Signed identity and policy checks for AI agents.

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package shows a moderate risk level due to its high credential risk and potential inactivity. The attempt to read from the SSH private key file raises significant concerns about potential credential harvesting.

  • High credential risk due to accessing SSH private keys
  • Potential inactivity indicated by a new maintainer and missing classifiers

Per-check LLM notes

  • Obfuscation: No obfuscation patterns detected.
  • Credentials: The code attempts to read from the SSH private key file (~/.ssh/id_rsa), which is a high-risk operation typically associated with credential harvesting.
  • Metadata: Low risk due to lack of suspicious flags, but new maintainer and missing classifiers suggest potential low effort or inactivity.

📦 Package Quality Overall: Low (4.4/10)

✦ High Test Suite 9.0

Test suite present — 8 test file(s) found

  • 8 test file(s) detected (e.g. test_api.py)

◈ Medium Documentation 5.0

Some documentation present

  • Detailed PyPI description (6832 chars)

○ Low Contributing Guide 2.0

No contributing guide or governance files found

  • No CONTRIBUTING, CODE_OF_CONDUCT, or governance files found

◈ Medium Type Annotations 5.0

Partial type annotation coverage

  • 69 type-annotated function signatures detected in source

○ Low Multiple Contributors 1.0

Unable to verify contributor count: no GitHub repository found

  • No GitHub repository linked — contributor count unavailable

🔬 Heuristic Checks

✓ Outbound Network Calls

No suspicious network call patterns found

✓ Code Obfuscation

No obfuscation patterns detected

⚠ Shell / Subprocess Execution score 4.0

Found 2 shell execution pattern(s)

  • _runs() -> None: result = subprocess.run( [sys.executable, "examples/gateway_demo/run_demo.py
  • _runs() -> None: result = subprocess.run( [sys.executable, "examples/mcp_proxy_demo/run_demo.

⚠ Credential Harvesting score 5.0

Found 2 credential access pattern(s)

  • --resource", "~/.ssh/id_rsa", ], ) assert blocked.exit_code
  • licy(tmp_path), "read_file", "~/.ssh/id_rsa") assert decision.allowed is False assert "protect

✓ Typosquatting

No typosquatting candidates detected

✓ Registered Email Domain

No author email provided

✓ Suspicious Page Links

All external links appear legitimate

✓ Git Repository History

No GitHub repository linked

  • No GitHub repository link found

⚠ Maintainer History score 4.0

2 maintainer concern(s) found

  • Author "Alexander Manev" appears to have only 1 package on PyPI (new or inactive account)
  • Package has no PyPI classifiers (low effort / metadata quality)

✓ Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with ai-agent-passport:

Create a secure AI agent management system using the Python package 'ai-agent-passport'. This system will allow users to create, manage, and authenticate AI agents within a network environment. Each AI agent will have a unique signed identity and associated policies that dictate its capabilities and permissions. Here’s a detailed breakdown of the project steps and features:

1. **Setup**: Install the necessary packages including 'ai-agent-passport' and any other dependencies required for the project.
2. **Agent Creation**: Develop a feature where users can create new AI agents. Each agent should receive a unique signed identity using the 'ai-agent-passport' package.
3. **Policy Management**: Implement functionality to define and assign policies to each AI agent. Policies should include actions the agent is allowed to perform, resources it can access, etc.
4. **Authentication and Authorization**: Use 'ai-agent-passport' to verify the identity and check policies of incoming requests from AI agents. Ensure only authorized actions are executed based on the agent's assigned policies.
5. **Monitoring and Logging**: Add monitoring tools to track the activities of AI agents and log their actions for auditing purposes.
6. **User Interface**: Design a simple user interface (UI) for managing agents and viewing logs. This UI should allow administrators to easily add, modify, delete agents, and view logs.
7. **Security Enhancements**: Incorporate additional security measures such as encryption for sensitive data and secure communication channels between agents and the management system.

This project aims to demonstrate the practical use of 'ai-agent-passport' in creating a robust and secure AI agent management system.