Oathe Security Badge

Is imran-siddique/agentmesh-governance safe?

https://clawhub.ai/imran-siddique/agentmesh-governance

Score: 55 (CAUTION)

This skill presents significant security risks primarily through explicit code execution instructions, including package installation commands and executable shell scripts with embedded Python code. While the governance functionality appears legitimate, the implementation creates multiple attack vectors through external dependencies and direct code execution.

Category Scores (score out of 100 · weight in the overall score)

Prompt Injection 40/100 · 30%
Data Exfiltration 80/100 · 25%
Code Execution 5/100 · 20%
Clone Behavior 95/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 55/100 · 5%

Findings (9)

CRITICAL Explicit Package Installation Instructions -30

SKILL.md contains direct instructions for agents to install Python packages via pip, including installation from external Git repositories. This creates a significant code execution risk as malicious packages could be installed.

CRITICAL Executable Shell Scripts with Python Code -25

The skill includes multiple shell scripts containing embedded Python code that agents are instructed to execute. These scripts perform cryptographic operations, file system access, and attempt to import external modules.

HIGH Shell Script Execution Commands -20

The SKILL.md contains numerous direct instructions for agents to execute shell scripts, effectively turning documentation into executable commands.

HIGH Package Installation Instructions -25

The skill instructs agents to install packages from both PyPI and external Git repositories, which could be exploited to install malicious code.

HIGH Cryptographic Operations -20

The generate-identity.sh script performs Ed25519 key generation and cryptographic operations, increasing the attack surface and potential for misuse.

HIGH Supply Chain Risk -20

Heavy reliance on external package installation creates significant supply chain attack opportunities where malicious code could be injected through dependencies.

MEDIUM External Package Data Access -15

The required external agentmesh package could potentially access and exfiltrate data once installed, though this was not observed during monitoring.

MEDIUM External Repository References -10

The skill references external GitHub repositories for installation, creating potential for redirect attacks or dependency confusion.

MEDIUM File System Operations -10

Scripts perform file system read operations, in particular reading policy files, which could be tampered with or could contain malicious content.