Package Metadata

Author: aarjay
Email: —
PyPI: attestor
Python: <4.0,>=3.10
Versions: 18 releases
First release: 18 Apr 2026, 17:00 UTC
Analysed: 07 Jun 2026, 20:31 UTC
Source files: 61 .py files scanned

Project Links

Classifiers

Development Status :: 4 - BetaIntended Audience :: DevelopersLicense :: OSI Approved :: MIT LicenseProgramming Language :: Python :: 3Programming Language :: Python :: 3.10Programming Language :: Python :: 3.11Programming Language :: Python :: 3.12Programming Language :: Python :: 3.13Programming Language :: Python :: 3.14Topic :: Scientific/Engineering :: Artificial Intelligence

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package exhibits high risks associated with credential harvesting and obfuscation, suggesting potential malicious intent. While other aspects like network and metadata risks are lower, the combination of findings points towards a non-trivial level of concern.

High credential risk
Significant obfuscation
Potential for shell abuse

Per-check LLM notes

Network: The network patterns indicate HTTP requests which could be benign if the package is designed to interact with external services.
Shell: The shell execution patterns suggest interaction with Docker, potentially indicating functionality related to container management but could also be used for unauthorized operations.
Obfuscation: The obfuscation pattern is suspicious as it uses environment variable import and unusual naming conventions, which could be used to hide code logic.
Credentials: The credential harvesting pattern is highly suspicious as it attempts to read from an unexpected file path, potentially allowing access to sensitive system files.
Metadata: The maintainer has only one package, which might indicate a new or less active account, raising some suspicion but not conclusive evidence of malice.

📦 Package Quality Overall: Medium (5.4/10)

◈ Medium Test Suite 6.0

Partial test coverage signals detected

Test runner config found: pyproject.toml

◈ Medium Documentation 5.0

Some documentation present

Detailed PyPI description (54763 chars)

○ Low Contributing Guide 4.0

No contributing guide or governance files found

Development Status classifier >= Beta

◈ Medium Type Annotations 7.0

Partial type annotation coverage

Type checker (mypy / pyright / pytype) referenced in project
337 type-annotated function signatures detected in source

◈ Medium Multiple Contributors 5.0

Limited contributor diversity

1 unique contributor(s) across 100 commits in bolnet/attestor
Single author but highly active (100 commits)

🔬 Heuristic Checks

⚠ Outbound Network Calls score 9.0

Found 6 network call pattern(s)

contextlib.suppress(OSError), socket.create_connection((host, port), timeout=timeout): return True retu
(body).encode() req = urllib.request.Request( url, data=data, headers=self._headers,
"POST" ) with urllib.request.urlopen(req, timeout=self.timeout) as resp: resu
ase_url}{path}" req = urllib.request.Request(url, headers=self._headers, method="GET") wi
s, method="GET") with urllib.request.urlopen(req, timeout=self.timeout) as resp: resu
port requests resp = requests.get("http://localhost:11434/api/tags", timeout=2) return

⚠ Code Obfuscation score 4.0

Found 2 obfuscation pattern(s)

CTION_COOLDOWN_S = float( __import__("os").environ.get("ATTESTOR_REFLECTION_COOLDOWN_S", "0"), ) _refl
edDict _CACHE_MAX_SIZE = int(__import__("os").environ.get("ATTESTOR_ENTITY_CACHE_MAX", "2048")) _CACHE: O

⚠ Shell / Subprocess Execution score 8.0

Found 4 shell execution pattern(s)

False try: return subprocess.run( ["docker", "info"], capture_output=True, timeou
bool: try: out = subprocess.run( ["docker", "inspect", "--format", "{{.State.Hea
d)}") try: proc = subprocess.run(cmd, capture_output=True, text=True, timeout=600) except
el}") try: proc = subprocess.run(cmd, capture_output=True, text=True, timeout=180) except

⚠ Credential Harvesting score 2.5

Found 1 credential access pattern(s)

a relative ``--env-file ../../etc/passwd`` can't silently traverse out of the user's working tre

✓ Typosquatting

No typosquatting candidates detected

✓ Registered Email Domain

No author email provided

✓ Suspicious Page Links

All external links appear legitimate

✓ Git Repository History

Repository bolnet/attestor appears legitimate

⚠ Maintainer History score 2.0

1 maintainer concern(s) found

Author "aarjay" appears to have only 1 package on PyPI (new or inactive account)

✓ Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with attestor

Develop a mini-application named 'MemoryGuard' that leverages the 'attestor' package to manage secure, isolated memories for various agents within a simulated multi-agent system environment. The goal of MemoryGuard is to demonstrate the core functionalities of 'attestor', such as namespace isolation, role-based access control (RBAC), provenance tracking, and ranked retrieval of data. This application will be a valuable tool for developers looking to understand and implement secure memory management strategies in complex, multi-agent systems.

**Step-by-Step Development Plan:**
1. **Setup Project Environment:** Begin by setting up your Python development environment and installing the necessary packages, including 'attestor'. Ensure that your virtual environment is properly configured for dependency management.
2. **Define Agent Classes:** Create a set of agent classes that will interact with the memory system. Each agent should have unique attributes such as name, type, and roles. Define methods for these agents to perform actions like reading, writing, and retrieving information from the memory.
3. **Implement Namespace Isolation:** Utilize 'attestor' to create isolated namespaces for each agent. This ensures that data written by one agent cannot be directly accessed by another unless explicitly allowed through permissions.
4. **Integrate RBAC System:** Implement a Role-Based Access Control (RBAC) mechanism using 'attestor'. Assign different roles to agents and define what operations they are permitted to perform within their respective namespaces.
5. **Provenance Tracking:** Enable tracking of all data modifications made by agents. Each write operation should log who performed it, when it was done, and any relevant metadata. This will allow for auditing and accountability.
6. **Ranked Retrieval Functionality:** Develop a feature that allows agents to search for specific pieces of data based on criteria such as time stamps, authors, or content relevance. Use 'attestor' to rank and return the most relevant results first.
7. **User Interface (Optional):** Consider adding a simple command-line interface (CLI) or a graphical user interface (GUI) for easier interaction with MemoryGuard. This UI should allow users to view the current state of the memory, perform CRUD operations, and monitor activity logs.
8. **Testing and Documentation:** Thoroughly test the application to ensure all features work as expected. Write comprehensive documentation detailing how to install, configure, and use MemoryGuard effectively.

**Suggested Features:**
- Support for dynamic role assignment and permission updates.
- Secure encryption of data at rest and in transit.
- Real-time monitoring of memory activities.
- Integration with external authentication services for enhanced security.
- Export/import functionality for data backups and migrations.

By following these steps and implementing these features, you'll create a robust and secure mini-application that showcases the power and flexibility of the 'attestor' package.

💬 Discussion Feed

No discussion yet. Be the first to share your thoughts!

🤖 AI Analysis

📦 Package Quality Overall: Medium (5.4/10)

🔬 Heuristic Checks

💡 AI App Starter Prompt

💬 Discussion Feed

Leave a comment

Report Abuse / Security Issue