apoa

v0.3.2 suspicious
4.0
Medium Risk

Python SDK for the Agentic Power of Attorney (APOA) standard

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package shows moderate risk due to potential interaction with an external API and an unknown maintainer, though no direct malicious activities were detected.

  • Moderate network risk due to potential interaction with an external API.
  • Maintainer metadata lacks author information, raising suspicion.

Per-check LLM notes
  • Network: The observed network call pattern suggests the package might be designed to interact with an external API, which is not inherently suspicious but requires further investigation into the purpose and destination of the calls.
  • Shell: No shell execution patterns were detected, indicating a low risk of direct system command execution.
  • Obfuscation: No obfuscation patterns detected, indicating low risk.
  • Credentials: No credential harvesting patterns detected, indicating low risk.
  • Metadata: The maintainer's author name is missing and they appear to be new or inactive, raising some suspicion but not conclusive evidence of malice.

📦 Package Quality Overall: Medium (6.0/10)

✦ High Test Suite 9.0

Test suite present — 13 test file(s) found

  • Test runner config found: pyproject.toml
  • 13 test file(s) detected (e.g. test_apoa.py)

◈ Medium Documentation 7.0

Some documentation present

  • Documentation URL: "Documentation" -> https://github.com/agenticpoa/apoa/tree/main/sdks/python
  • Detailed PyPI description (2900 chars)

○ Low Contributing Guide 2.0

No contributing guide or governance files found

  • No CONTRIBUTING, CODE_OF_CONDUCT, or governance files found

◈ Medium Type Annotations 7.0

Partial type annotation coverage

  • Classifier: Typing :: Typed
  • 109 type-annotated function signatures detected in source

◈ Medium Multiple Contributors 5.0

Limited contributor diversity

  • 1 unique contributor(s) across 60 commits in agenticpoa/apoa
  • Single author but highly active (60 commits)

🔬 Heuristic Checks

Outbound Network Calls score 3.0

Found 2 network call pattern(s)

  • str) -> bytes: request = urllib.request.Request( url, headers={"Accept": "applicatio
  • cation/json"}, ) with urllib.request.urlopen(request, timeout=10) as response: if respons

Code Obfuscation

No obfuscation patterns detected

Shell / Subprocess Execution

No shell execution patterns detected

Credential Harvesting

No credential harvesting patterns detected

Typosquatting

No typosquatting candidates detected

Registered Email Domain

Email domain looks legitimate: users.noreply.github.com

Suspicious Page Links

All external links appear legitimate

Git Repository History

Repository agenticpoa/apoa appears legitimate

Maintainer History score 4.0

2 maintainer concern(s) found

  • Author name is missing or very short
  • Author "" appears to have only 1 package on PyPI (new or inactive account)

Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with apoa

Create a mini-application that facilitates the management and verification of Agentic Power of Attorney (APOA) documents using the 'apoa' Python package. Your application should allow users to:

1. Upload APOA documents.
2. Validate the authenticity of these documents.
3. Retrieve specific information from the documents, such as the agent's name, principal's name, start date, and end date.
4. Provide a summary view of all uploaded APOA documents with key details.
5. Allow users to search for specific APOA documents based on certain criteria like the agent's name or document ID.
6. Optionally, provide a feature to notify relevant parties when an APOA document is about to expire.

To achieve these functionalities, you will need to use the 'apoa' package to parse and validate APOA documents. Ensure your application is user-friendly and includes error handling for invalid uploads or parsing errors. Additionally, consider implementing a simple database to store and manage APOA document information securely.