Oathe Security Badge

Is meimakes/deep-current safe?

https://github.com/meimakes/deep-current

94
SAFE

Deep Current is a legitimate research thread management tool that provides a Python CLI for tracking research topics and integrates with agent web search capabilities. The skill contains no malicious code, doesn't attempt prompt injection, and exhibits normal clone behavior with no data exfiltration detected.

Category Scores

Prompt Injection 95/100 · 30%
Data Exfiltration 95/100 · 25%
Code Execution 90/100 · 20%
Clone Behavior 95/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 90/100 · 5%

Findings (4)

INFO Contains executable Python CLI code -10

The skill includes a Python script (deep-current.py) for managing research threads, but uses only standard library functions with no dangerous operations like subprocess calls or eval().

INFO Instructs agent to use web search capabilities -10

The skill prompts the agent to use built-in web_search and web_fetch tools for research, which could theoretically access any website but is standard functionality for research tools.

INFO Complex automation instructions -5

The skill provides detailed step-by-step instructions for research automation which could be complex to audit, though no malicious patterns detected.

INFO Manages local data files -5

The skill creates and manages JSON files and markdown reports in local directories, which is normal for data persistence but represents data handling.