brin
brin

google-adk

PyPI

Is google-adk safe to use?

The latest brin safety scan flagged google-adk v1.25.1 with risk indicators that warrant review. No known CVE vulnerabilities and 2 detected threat patterns, including patterns consistent with insecure deserialization and insecure deserialization. Trust score: 65/100. Review the findings below before use. This is an automated assessment and may contain errors.

Install (safety-checked)

google-adk Has Confirmed Threats

Confirmed threat patterns detected in this package

critical
CVEs

0

Threats

2

Install Scripts

0

google-adk Confirmed Threats (2)

Insecure Deserialization
confidence: 75%confirmed

Location: src/google/adk/sessions/schemas/v0.py:88

return pickle.loads(value)
Insecure Deserialization
confidence: 75%confirmed

Location: src/google/adk/sessions/migration/migrate_from_sqlalchemy_pickle.py:62

actions = pickle.loads(actions_val)

brin Recommendations

  • This package is assessed as high-risk. Manual review is strongly recommended before use.
  • 2 verified threat patterns detected. Review the specific findings and consider alternatives.

This is an automated, point-in-time assessment and may contain errors. Findings are risk indicators, not confirmed threats. Security posture may change over time. Maintainers can dispute findings via the brin review process.

google-adk Capabilities & Permissions

What google-adk can access when installed. Review these capabilities before using with AI agents like Cursor, Claude Code, or Codex.

Network Access

This package makes network requests.

127.0.0.1accounts.google.comadk-agent-builder-knowledge-service-654646711756.us-central1.run.appagentclientprotocol.comai.google.devaistudio.google.comapihub.googleapis.combigquery.googleapis.comcloud.google.comcloudapiregistry.googleapis.com+23 more
Protocols: http, https

Filesystem Access

Reads and writes to the filesystem.

.env (rw)__pycache__ (rw).env (rw).env (rw)/home/ (rw).env (rw)requirements.txt (rw).env (rw)+26 more

Process Spawning

This package can spawn child processes.

Environment Variables

Accesses the following environment variables.

CODE_INTERPRETER_EXTENSION_NAMEGOOGLE_API_KEYGOOGLE_CLOUD_LOCATIONGOOGLE_CLOUD_PROJECTGOOGLE_GENAI_USE_VERTEXAIMY_FLAGVERTEXAI_LOCATIONVERTEXAI_PROJECT_AGENT_ENGINE_TELEMETRY_ENV_VARIABLE_NAME+9 more

Native Modules

Contains native code that runs outside the JavaScript sandbox.

numpypandasscipy

AGENTS.md for google-adk

Good instructions lead to good results. brin adds google-adk documentation to your AGENTS.md so your agent knows how to use it properly—improving both safety and performance.

brin init

Vercel's research: 100% accuracy with AGENTS.md vs 53% without →

google-adk Documentation & Source Code

For the full google-adk README, API documentation, and source code, visit the official package registry.

View on PyPI

Frequently asked questions about google-adk safety

Weekly Downloads

796.1K

Version

1.25.1

Last Scanned

2 days ago

Trust Score

65/100·Legitimacy signals, not safety

Confirmed Threats (2)

insecure deserializationconfirmed

Location: src/google/adk/sessions/schemas/v0.py:88

Confidence: 75%

return pickle.loads(value)
insecure deserializationconfirmed

Location: src/google/adk/sessions/migration/migrate_from_sqlalchemy_pickle.py:62

Confidence: 75%

actions = pickle.loads(actions_val)

Confirmed threats have been validated by human review and represent real risks.

Capabilities

Network

Connects to: 127.0.0.1, accounts.google.com, adk-agent-builder-knowledge-service-654646711756.us-central1.run.app...

Filesystem

Reads & Writes files

Process

Spawns child processes

Environment

Accesses: , CODE_INTERPRETER_EXTENSION_NAME, GOOGLE_API_KEY...

Native

Contains native modules