SkillTotal

Is autogen-core safe?

No malicious indicators - review capabilities before installing
Notable — review in context (capabilities are not malware):
  • Python dynamic code execution

autogen-core is an AI python_package analyzed by SkillTotal's deterministic static scanner. The scan found no malicious indicators, though 1 risky construct are reported for review. It can: dynamic code execution — capabilities are what the code can do, not a verdict on intent. Risk score 0/100 (low).

autogen-core 0.7.5

python_package · pypi:autogen-core
LOW
0
/ 100 risk score
Snapshot · scanned Jul 7, 2026 · autogen-core@0.7.5 · engine 0.34.2 / ruleset 34

Automated static-analysis result. It can contain false positives and false negatives, and is not a claim about the intent of autogen-core's authors. Report a false positive.

Capabilities — what this component can do (not a risk score):
dynamic code execution

Findings (1)

HIGHPython dynamic code executionST-DYN-PY

The code turns strings into live code at runtime (eval / new Function / exec).

Why it matters: If those strings aren't fixed and trusted, they become a way to run arbitrary code.

Fix: Avoid evaluating dynamically constructed code; if unavoidable, ensure the input is a trusted constant and never derived from external data.

Check your own component

Run the same evidence-backed scan on any MCP server, agent skill, or package.

Scan your own component

Or get notified if this component's risk changes:

How we determine this: deterministic static analysis (regex + AST), evidence-anchored, no code execution. Methodology →