Score capped to 2.99 (raw score: 3.25) due to insufficient data in one or more signals. The composite is held at caution level until all signals can be fully evaluated.
Jun 12, 2026 at 11:01 AM · 6 signals analysed · No manual reviews · fully automated
Trust Signal Breakdown
medium · 23 sub-signals across 6 dimensions
CVEs, dependency health, and supply chain integrity
3 of 3 sub-signals with data
Known CVEs · 40% · 5.0
No known CVEs
via OSV.dev
Dependency Health · 30% · 5.0
14 dependencies (minimal)
via npm / PyPI
Supply Chain · 30% · 4.8
5 transitive CVEs found (penalty: -0.15)
via npm provenance
Uptime, latency, error rates, and incident history
Scored across 23 sub-signals in 6 dimensions
Scoring engine v1 (beta) — actively being expanded
Phase 1: Core sub-signal architecture (live)
Phase 2: Permission scope & expanded collection (in progress)
Trust Assessment
AI Assessment
pentesting is an MIT-licensed npm package by agnusdei12071207 that provides an autonomous AI agent for offensive security testing. The package has zero maintenance signal (no recent updates or visible repository activity) and zero transparency signal (no accessible source code or documentation beyond marketing screenshots), which creates significant uncertainty about its actual capabilities and security posture. Given the sensitive nature of penetration testing tooling and the publisher's lack of established trust indicators, this package is not recommended for production security assessments without thorough vetting of its source code and behavior.