Oathe Security Badge

Is 0xTimi/agent-squad safe?

https://clawhub.ai/0xTimi/agent-squad

Score: 89/100 (SAFE)

Agent Squad is a legitimate tool for managing persistent AI coding agents in tmux sessions. While it enables high-risk autonomous operations, these risks are clearly disclosed and appropriate for the tool's intended purpose. The skill includes proper security warnings and transparent documentation.

Category Scores (score out of 100 · weight in overall score)

Prompt Injection: 95/100 · 30%
Data Exfiltration: 85/100 · 25%
Code Execution: 75/100 · 20%
Clone Behavior: 100/100 · 10%
Canary Integrity: 100/100 · 10%
Behavioral Reasoning: 90/100 · 5%

Findings (4)

HIGH: Autonomous AI agent execution with full filesystem access (-10)

The skill creates persistent AI agents that run in tmux sessions in full-auto mode, allowing them to read, write, and delete files and to execute commands without permission prompts. This is disclosed functionality, accompanied by appropriate warnings.

MEDIUM: Full-auto mode bypasses AI safety prompts (-15)

The AI engines run with flags that bypass permission prompts so that the agents can operate unattended. Users are warned to keep sensitive files out of project directories.

LOW: Autonomous operation could amplify risks (-10)

The skill's autonomous AI execution capabilities could amplify risks when combined with other tools or when used in untrusted environments, though this is inherent to its purpose.

LOW: Complex instruction set for AI management (-5)

The skill contains extensive instructions for managing AI squads; these are legitimate and do not attempt to override system behavior.