AgentMesh Governance
Suspicious
Audited by ClawScan on May 10, 2026.
Overview
The skill has a coherent governance purpose, but its shell wrappers insert command-line inputs directly into Python code, which can allow unintended local code execution.
Review and fix the shell wrappers before installing or using this skill, especially if any arguments may come from another agent or untrusted text. Pin and verify the external AgentMesh dependency, and do not rely on the policy check as a complete approval gate until human-approval handling is made fail-closed.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A malicious or malformed value passed into these scripts could run unintended Python code on the user's machine.
Command-line arguments are expanded by the shell directly into a Python source string: each wrapper calls python3 -c with a double-quoted body, so $ACTION, $POLICY, ${TOKENS} and similar values are substituted before Python parses anything. If an action, policy path, agent name, DID, message, or similar value contains a single quote or Python syntax, it closes the string literal and the remainder is executed as code by python3. The same interpolation pattern appears across multiple wrapper scripts.
python3 -c " ... with open('$POLICY') as f: ... action = '$ACTION' ... tokens = int('${TOKENS:-0}' or '0') ... "
Rewrite the wrappers to pass inputs through argv, environment variables, JSON, or stdin instead of embedding them in python3 -c strings; validate and quote all arguments safely.
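As an added illustration, not code from the skill or from ClawScan, the following Python reconstructs the interpolation pattern with the vulnerable line reduced to `action = '$ACTION'`, shows how a constructed argument turns into extra Python statements, runs it through `python3 -c` to prove the injected code executes, and then passes the same argument to an argv-based checker where it stays inert. The template, the `SAFE_CHECKER` body and the marker-file payload are assumptions made for this demonstration; the skill's real wrappers are not reproduced.

```python
import ast
import os
import subprocess
import sys
import tempfile

# Reconstruction of the flagged wrapper pattern: the shell expands $ACTION
# inside a double-quoted python3 -c string, so the raw argument is spliced
# into Python source before the interpreter sees it. The real wrappers do
# more; this template keeps only the vulnerable line (assumption).
UNSAFE_TEMPLATE = "action = '{action}'\nprint(action)\n"

# Hardened checker body: the value arrives through sys.argv and is never part
# of the source text. Assumed replacement, not the skill's own code.
SAFE_CHECKER = "import sys\naction = sys.argv[1]\nprint(action)\n"


def build_unsafe_source(action: str) -> str:
    """Splice the argument into Python source exactly as '$ACTION' expansion does."""
    return UNSAFE_TEMPLATE.format(action=action)


def statement_count(action: str) -> int:
    """Number of top-level statements Python will run for this argument.
    A benign action yields 2; anything more means the argument became code."""
    return len(ast.parse(build_unsafe_source(action)).body)


def injection_payload(marker_path: str) -> str:
    """Constructed attacker-controlled 'action': closes the string literal,
    creates a marker file as proof of execution, then reopens a literal so
    the interpolated template still parses."""
    return f"'; open({marker_path!r}, 'w').close(); _='"


def run_unsafe(action: str, marker_path: str) -> bool:
    """Run the interpolated source via python3 -c. True if injected code ran."""
    subprocess.run([sys.executable, "-c", build_unsafe_source(action)],
                   capture_output=True, check=False)
    return os.path.exists(marker_path)


def run_safe(action: str, marker_path: str) -> tuple:
    """Pass the same value as an argv element. Returns (marker created?, stdout)."""
    proc = subprocess.run([sys.executable, "-c", SAFE_CHECKER, action],
                          capture_output=True, text=True, check=False)
    return os.path.exists(marker_path), proc.stdout.rstrip("\n")


def demo() -> dict:
    """Exercise both wrappers with a benign and a hostile argument."""
    with tempfile.TemporaryDirectory() as tmp:
        marker = os.path.join(tmp, "injected")
        payload = injection_payload(marker)
        unsafe_hit = run_unsafe(payload, marker)
        if unsafe_hit:
            os.remove(marker)
        safe_hit, echoed = run_safe(payload, marker)
    return {
        "benign_statements": statement_count("deploy"),
        "payload_statements": statement_count(payload),
        "unsafe_executed_payload": unsafe_hit,
        "safe_executed_payload": safe_hit,
        "safe_echo_matches_input": echoed == payload,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The static check (`statement_count`) is the quick way to triage a wrapper without running anything: parse the interpolated text and count statements. The argv form needs no quoting at all because the value never passes through a parser other than the program that consumes it; the same applies to JSON on stdin or an environment variable read with `os.environ`.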
An action could be reported as allowed even when the policy says human approval is required, making governance enforcement weaker than users may expect.
The script returns require_human_approval as a separate field, but allowed is computed only from len(violations) == 0. A caller that checks allowed alone therefore proceeds with an action the policy reserves for human sign-off. This conflicts with the skill's advertised policy-gating role unless every caller adds its own approval handling.
'allowed': len(violations) == 0, ... 'require_human_approval': p.get('require_human_approval', False)
Make approval requirements fail closed, document the approval workflow clearly, and ensure callers do not proceed when require_human_approval is true.
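As an added example, not the skill's own policy checker, the following Python places the quoted decision (`shipped_allowed`, where allowed is just "no violations") beside a fail-closed version in which approval-gated actions are never reported as allowed until a human has signed off, unknown actions are denied, and a missing require_human_approval key defaults to asking. The policy layout (an "actions" map keyed by action name with max_tokens and require_human_approval) and the sample values are assumptions constructed for this demonstration.

```python
# Assumed policy shape for this example: one entry per action, matching the
# p.get('require_human_approval', False) lookup quoted in the finding.
# Constructed sample data, not the skill's shipped policy.
POLICY = {
    "actions": {
        "read_docs": {"max_tokens": 4000, "require_human_approval": False},
        "deploy_prod": {"max_tokens": 1000, "require_human_approval": True},
        "legacy_action": {"max_tokens": 500},  # key absent on purpose
    }
}


def _violations(p: dict, tokens: int) -> list:
    """Budget checks. A missing max_tokens counts as 0, so an unconfigured
    budget fails closed instead of silently allowing unlimited use."""
    out = []
    if tokens < 0:
        out.append("negative token count")
    limit = p.get("max_tokens", 0)
    if tokens > limit:
        out.append(f"tokens {tokens} exceed max {limit}")
    return out


def shipped_allowed(policy: dict, action: str, tokens: int) -> bool:
    """The decision as the finding quotes it: allowed ignores approval."""
    p = policy["actions"].get(action, {})
    violations = _violations(p, tokens)
    return len(violations) == 0


def evaluate(policy: dict, action: str, tokens: int,
             human_approved: bool = False) -> dict:
    """Fail-closed decision.

    unknown action          -> deny
    any violation           -> deny
    require_human_approval  -> needs_approval until a human has signed off
                               (human_approved=True); an absent key is read
                               as True, because the safe default is to ask
    """
    p = policy.get("actions", {}).get(action)
    if p is None:
        return {"allowed": False, "decision": "deny",
                "violations": ["unknown action"], "require_human_approval": True}
    violations = _violations(p, tokens)
    needs_approval = bool(p.get("require_human_approval", True))
    if violations:
        decision = "deny"
    elif needs_approval and not human_approved:
        decision = "needs_approval"
    else:
        decision = "allow"
    return {"allowed": decision == "allow", "decision": decision,
            "violations": violations, "require_human_approval": needs_approval}


if __name__ == "__main__":
    print("shipped logic, deploy_prod:", shipped_allowed(POLICY, "deploy_prod", 100))
    for args in (("read_docs", 100), ("deploy_prod", 100), ("deploy_prod", 5000),
                 ("legacy_action", 10), ("unlisted", 0)):
        print(args, evaluate(POLICY, *args))
    print("after sign-off:", evaluate(POLICY, "deploy_prod", 100, human_approved=True))
```

The important property is that a caller who only reads allowed gets the conservative answer; the three-way decision field is there for callers that want to route needs_approval to a human rather than treat it as a plain denial. The human_approved flag stands in for whatever record of sign-off the workflow keeps; that record, not the caller's say-so, should be what sets it.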
The installed package could change over time or differ from the reviewed files.
The setup instructions install an external dependency without a pinned version, hash, or commit. This is expected for this integration but leaves provenance and reproducibility to the user.
pip install agentmesh-governance ... pip install "agentmesh @ git+https://github.com/imran-siddique/agent-mesh.git"
Install from a trusted source, pin an exact version (== with --require-hashes for the PyPI package) or a commit SHA in the git URL rather than the default branch, and review the external package before using it in sensitive workflows.
Bad trust updates could cause useful agents to be blocked or untrusted agents to gain credibility.
The skill intentionally stores or updates trust state that can affect future delegation decisions. This is purpose-aligned, but incorrect or manipulated interaction records could poison later trust decisions.
After collaboration: Run `record-interaction.sh` to update trust ... Agents dropping below the minimum threshold (default 0.5) are auto-blocked.
Restrict who can record interactions, keep an audit trail, and provide a way to review or roll back trust-score changes.
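As an added example of the three controls recommended above, and not code from the skill, the following Python keeps interactions in an append-only, hash-chained log that only allowlisted recorders may write; trust scores are replayed from the log rather than stored, so a rollback is itself a logged entry and nothing is ever deleted. The 0.5 auto-block threshold is the skill's documented default; the starting score of 0.7 and the exponential-update weight of 0.2 are assumptions, since the skill's own update formula is not shown in the reviewed artifacts.

```python
import hashlib
import json
from dataclasses import dataclass
from typing import Optional

MIN_TRUST = 0.5      # auto-block threshold documented by the skill
INITIAL_TRUST = 0.7  # assumed score for an agent with no history
ALPHA = 0.2          # assumed update weight; the skill's own formula is not shown


@dataclass
class Entry:
    seq: int
    recorder: str
    agent: str
    success: bool
    reverts: Optional[int]  # seq of the entry this one cancels, for rollbacks
    prev_hash: str
    digest: str = ""

    def body(self) -> bytes:
        return json.dumps([self.seq, self.recorder, self.agent, self.success,
                           self.reverts, self.prev_hash]).encode()


class TrustLedger:
    """Append-only, hash-chained record of interactions. Scores are never
    stored; they are replayed from the log, so a rollback is itself an entry."""

    def __init__(self, authorized_recorders):
        self.authorized = set(authorized_recorders)
        self.entries = []

    def _append(self, recorder, agent, success, reverts) -> int:
        if recorder not in self.authorized:
            raise PermissionError(f"{recorder} is not allowed to record interactions")
        prev = self.entries[-1].digest if self.entries else "0" * 64
        e = Entry(len(self.entries), recorder, agent, success, reverts, prev)
        e.digest = hashlib.sha256(e.body()).hexdigest()
        self.entries.append(e)
        return e.seq

    def record(self, recorder, agent, success) -> int:
        return self._append(recorder, agent, success, None)

    def rollback(self, recorder, seq) -> int:
        """Cancel an earlier interaction by appending a reversal, not by editing."""
        target = self.entries[seq]
        if target.reverts is not None:
            raise ValueError("rollbacks cannot be rolled back")
        return self._append(recorder, target.agent, target.success, seq)

    def verify_chain(self) -> bool:
        """Recompute every digest and prev link; False if history was edited."""
        prev = "0" * 64
        for e in self.entries:
            if e.prev_hash != prev or hashlib.sha256(e.body()).hexdigest() != e.digest:
                return False
            prev = e.digest
        return True

    def scores(self) -> dict:
        reverted = {e.reverts for e in self.entries if e.reverts is not None}
        scores = {}
        for e in self.entries:
            if e.reverts is not None or e.seq in reverted:
                continue
            s = scores.get(e.agent, INITIAL_TRUST)
            scores[e.agent] = (1 - ALPHA) * s + ALPHA * (1.0 if e.success else 0.0)
        return scores

    def is_blocked(self, agent) -> bool:
        return self.scores().get(agent, INITIAL_TRUST) < MIN_TRUST


def demo() -> dict:
    """Two failures block agent-b; rolling one back unblocks it; a recorder
    outside the allowlist is rejected; editing history breaks the chain."""
    ledger = TrustLedger({"orchestrator"})
    ledger.record("orchestrator", "agent-b", False)          # 0.7 -> 0.56
    bad = ledger.record("orchestrator", "agent-b", False)    # 0.56 -> 0.448
    blocked_before = ledger.is_blocked("agent-b")
    ledger.rollback("orchestrator", bad)
    blocked_after = ledger.is_blocked("agent-b")
    score_after = ledger.scores()["agent-b"]
    try:
        ledger.record("rogue-agent", "agent-b", True)
        rogue_rejected = False
    except PermissionError:
        rogue_rejected = True
    intact_before = ledger.verify_chain()
    ledger.entries[0].success = True                         # simulated tampering
    return {"blocked_before_rollback": blocked_before,
            "blocked_after_rollback": blocked_after,
            "score_after_rollback": score_after,
            "rogue_rejected": rogue_rejected,
            "chain_intact_before_tamper": intact_before,
            "chain_intact_after_tamper": ledger.verify_chain()}


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Replaying scores from the log is what makes review and rollback cheap: an operator reads the entries that pushed an agent below the threshold, reverses the bad ones, and the block lifts without anyone hand-editing a stored score. The hash chain does not stop an authorized recorder from lying, so the allowlist still needs to be small and the recorder identity bound to something the orchestrator verifies.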
