Anthropic SDK (Python)

registry: PyPI
package name: anthropic
maintainer: Anthropic

The official Anthropic Python SDK for the Claude 3 and Claude 4 model families, covering the Messages API, vision inputs, extended context, and tool use. Claude adoption in enterprise AI stacks has grown substantially since Claude 3. Applications that use the SDK pass an Anthropic API key that grants full model access.

api usage

Checking Anthropic SDK (Python)

anthropic 0.34.0 is a clean version with no known supply chain compromise. The response returns compromised: false with an empty sources array.

```bash
curl "https://api.attestd.io/v1/check?product=anthropic&version=0.34.0" \
  -H "Authorization: Bearer YOUR_API_KEY"
```

```json
{
  "product": "anthropic",
  "version": "0.34.0",
  "supported": true,
  "risk_state": "none",
  "supply_chain": {
    "compromised": false,
    "sources": [],
    "malware_type": null,
    "description": null,
    "advisory_url": null,
    "compromised_at": null,
    "removed_at": null
  },
  "last_updated": "2026-05-01T00:00:00Z"
}
```

attack surface

Why this package is monitored

Like other LLM SDK packages, a compromised version can harvest the API key before the first request, silently forward conversation content to a third party, or manipulate tool-use responses to redirect the application toward attacker-controlled endpoints.

Attestd monitors anthropic using the following detection sources:

registry

Manually curated advisories in the Attestd registry, verified by a human analyst. Confidence 1.0.

osv

OSV.dev malicious-package advisories with IDs prefixed MAL-. Confidence 0.95.

pypi_yank

Versions yanked on PyPI with a security-related yanked_reason annotation. Confidence 0.80.
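An install gate built on the check response and the source confidences above, as an added example that is not Attestd's own client code. The function name `gate`, the `min_confidence` threshold, the reading of `supported` as "Attestd covers this product", and the assumption that each `sources` entry is one of the source names listed here are all hypothetical; the page shows only an empty `sources` array.

```python
import json

# Confidence per detection source, as listed on this page.
SOURCE_CONFIDENCE = {"registry": 1.0, "osv": 0.95, "pypi_yank": 0.80}

# Constructed sample: the clean response shown on this page.
CLEAN = json.loads("""{
  "product": "anthropic", "version": "0.34.0", "supported": true,
  "risk_state": "none",
  "supply_chain": {"compromised": false, "sources": [], "malware_type": null,
                   "description": null, "advisory_url": null,
                   "compromised_at": null, "removed_at": null},
  "last_updated": "2026-05-01T00:00:00Z"}""")


def gate(resp, product, version, min_confidence=0.80):
    """Return (allow, reason). Anything unexpected blocks the install (fail closed)."""
    if not isinstance(resp, dict):
        return False, "response is not a JSON object"
    # The verdict must be about the exact artifact being installed.
    if resp.get("product") != product or resp.get("version") != version:
        return False, "response does not match requested product/version"
    # Assumption: supported=false means there is no verdict for this product.
    if resp.get("supported") is not True:
        return False, "product not supported, no verdict available"
    sc = resp.get("supply_chain")
    if not isinstance(sc, dict) or not isinstance(sc.get("compromised"), bool):
        return False, "supply_chain.compromised missing or not a boolean"
    if not sc["compromised"]:
        return True, "no known supply chain compromise"
    # Assumption: each sources entry is a source name. Unknown names and
    # unexpected entry types score 1.0 so they can never lower the result.
    sources = sc.get("sources") or []
    names = [s for s in sources if isinstance(s, str)]
    score = max((SOURCE_CONFIDENCE.get(s, 1.0) for s in names), default=1.0)
    if score >= min_confidence:
        return False, f"compromised (sources={sources}, confidence={score:.2f})"
    return True, f"flagged below threshold (confidence={score:.2f})"


if __name__ == "__main__":
    print(gate(CLEAN, "anthropic", "0.34.0"))
```

Run the gate before the SDK is imported anywhere the API key is present, since the page's concern is key harvesting before the first request.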
