AgentMesh Governance
Security checks across malware telemetry and agentic risk
Overview
The skill’s governance purpose is coherent, but its wrapper scripts unsafely insert command-line inputs into Python code, and its persistent trust scoring can affect future agent behavior without clear safeguards.
Review this skill before installing. Its goal is legitimate for agent governance, but avoid passing untrusted agent names, messages, signatures, actions, or file paths into the scripts until the argument-handling bug is fixed. If you use it, install dependencies in an isolated environment, pin package versions, and manually review trust-score changes before allowing them to affect future delegation.
VirusTotal
66/66 vendors flagged this skill as clean.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the agent passes attacker-controlled or untrusted text into these scripts, it could execute unintended local code under the user’s account.
Command-line arguments are embedded directly into a Python code string without escaping. A crafted policy path or action containing quotes could break out of the intended Python string and run unintended Python code.
python3 -c "... with open('$POLICY') as f: ... action = '$ACTION' ..."
Do not pass untrusted values to these scripts as written. The publisher should replace python3 -c string interpolation with a real Python script that reads arguments via argparse or environment variables and safely handles all inputs.
Incorrect or manipulated trust updates could cause the agent to wrongly trust, distrust, or block other agents in later tasks.
The skill creates persistent trust state that can affect future delegation or blocking decisions, but the artifacts do not define who may update scores, where scores are stored, how changes are reviewed, or how users can revert poisoned or mistaken scores.
Success adds +0.01 to trust score. Failure subtracts the severity value. Agents dropping below the minimum threshold (default 0.5) are auto-blocked.
Use trust updates only with user review, keep backups or reset controls for trust state, and require bounded, authenticated, and auditable updates before relying on auto-blocking.
Installing from an unpinned package or repository can run code that was not part of this artifact review.
The setup depends on an external Python package and offers an unpinned GitHub install fallback. This is disclosed and aligned with the skill’s purpose, but the exact reviewed code may differ from what is later installed.
pip install agentmesh-governance ... pip install "agentmesh @ git+https://github.com/imran-siddique/agent-mesh.git"
Install only after verifying the package source, prefer pinned versions or commit hashes, and consider using an isolated Python environment.
Users may place more trust in the governance layer than the reviewed artifacts alone justify.
The skill makes strong trust and maturity claims, but the provided artifacts do not include supporting evidence for those claims. This does not prove deception, but users should not treat the claim as a security guarantee.
Enterprise-grade: 1,600+ tests, merged into Dify (65K★), LlamaIndex (47K★), Microsoft Agent-Lightning (15K★).
Independently verify maturity claims and test the policy, audit, and trust behavior before using it for important agent decisions.
