aigentsy

v1.10.0 suspicious
6.0
Medium Risk

ProofPack creation, offline verification, acceptance-gated settlement coordination, and SDK primitives for agent commerce.

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package exhibits significant obfuscation and shell execution risks, which may indicate attempts to conceal malicious activities or execute unauthorized code.

  • High obfuscation risk through base64 decoding of cryptographic keys
  • Potential for arbitrary code execution via subprocess calls

Per-check LLM notes
  • Network: The use of HTTPX client and async client with base URL suggests potential external network communication which could be benign but requires further investigation to confirm its purpose.
  • Shell: Subprocess calls to run Python scripts within the package might indicate legitimate functionality but also pose risks for executing arbitrary code, warranting careful scrutiny.
  • Obfuscation: The use of base64 decoding for cryptographic keys suggests potential obfuscation to hide the actual operations being performed.
  • Credentials: No clear patterns indicating direct credential harvesting were found.
  • Metadata: The package has no associated GitHub repository and the maintainer's author name is missing or very short, indicating potential lack of transparency and accountability.

📦 Package Quality Overall: Medium (5.6/10)

✦ High Test Suite 9.0

Test suite present — 3 test file(s) found

  • Test runner config found: pyproject.toml
  • 3 test file(s) detected (e.g. test_settlement_lifecycle.py)

◈ Medium Documentation 7.0

Some documentation present

  • Documentation URL: "Documentation" -> https://aigentsy.com/data/protocol_docs.md
  • Detailed PyPI description (11540 chars)

○ Low Contributing Guide 4.0

No contributing guide or governance files found

  • Development Status classifier >= Beta

◈ Medium Type Annotations 7.0

Partial type annotation coverage

  • Classifier: Typing :: Typed
  • 147 type-annotated function signatures detected in source

○ Low Multiple Contributors 1.0

Unable to verify contributor count: no GitHub repository found

  • No GitHub repository linked — contributor count unavailable

🔬 Heuristic Checks

⚠ Outbound Network Calls score 4.5

Found 3 network call pattern(s)

  • creds = _load_creds() c = httpx.Client(base_url=BASE, timeout=30.0) return c, creds def cmd_i
  • pi_key self._client = httpx.Client(base_url=self._base, timeout=30.0) def _headers(self) -
  • pi_key self._client = httpx.AsyncClient(base_url=self._base, timeout=30.0) def _headers(self, a

⚠ Code Obfuscation score 8.0

Found 4 obfuscation pattern(s)

  • 4"] canonical_bytes = base64.b64decode(canonical_b64) # 2. Sign locally — private key neve
  • this scope priv_raw = base64.b64decode(keypair.private_key_base64) try: priv =
  • t_notice=False) raw = base64.b64decode(kp.public_key_base64) assert len(raw) == 32, (
  • t_notice=False) raw = base64.b64decode(kp.private_key_base64) assert len(raw) == 32, (

⚠ Shell / Subprocess Execution score 6.0

Found 3 shell execution pattern(s)

  • ("PYTHONPATH", "") return subprocess.run( [sys.executable, "-m", "aigentsy", *args],
  • env.pop(k, None) proc = subprocess.run( [sys.executable, "agent.py"], cwd=target,
  • get("PYTHONPATH", "") r = subprocess.run( [sys.executable, "-m", "aigentsy", "--help"],

✓ Credential Harvesting

No credential harvesting patterns detected

✓ Typosquatting

No typosquatting candidates detected

✓ Registered Email Domain

Email domain looks legitimate: aigentsy.com

✓ Suspicious Page Links

All external links appear legitimate

✓ Git Repository History

No GitHub repository linked

  • No GitHub repository link found

⚠ Maintainer History score 4.0

2 maintainer concern(s) found

  • Author name is missing or very short
  • Author "" appears to have only 1 package on PyPI (new or inactive account)

✓ Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with aigentsy
Develop a mini-commerce platform named 'AgentMart' using the Python package 'aigentsy'. This platform will allow users to create proof packs for their products, verify them offline, and coordinate acceptance-gated settlements for transactions. Here’s a detailed plan on how to implement it:

1. **User Registration and Authentication**: Users can sign up and log in to AgentMart. They will have profiles where they can upload product details.
2. **Product Listing**: Users can list their products with descriptions, images, and pricing information. Each product listing will include a section for generating a proof pack.
3. **Proof Pack Creation**: Using the 'aigentsy' package, enable users to create proof packs for their products. These proof packs will contain all necessary information to prove the authenticity and value of the product.
4. **Offline Verification**: Provide a feature for users to verify these proof packs offline. Once verified, the status of the proof pack changes to 'verified'.
5. **Transaction Coordination**: Implement a system for coordinating transactions based on the acceptance of proof packs. Buyers will be able to purchase products only after verifying the proof packs provided by sellers.
6. **Settlements**: Coordinate acceptance-gated settlements between buyers and sellers. Only when both parties agree on the terms will the transaction be finalized.
7. **SDK Integration**: Utilize 'aigentsy' SDK primitives to integrate advanced functionalities like secure communication channels, automated verification processes, and smart contract-like mechanisms for handling transactions.
8. **Admin Panel**: Develop an admin panel to manage user accounts, monitor transactions, and handle disputes.
9. **Security Measures**: Ensure the platform is secure by implementing encryption, secure data storage, and robust authentication mechanisms.

This project aims to showcase the capabilities of 'aigentsy' in facilitating secure, verifiable, and efficient commerce operations.