Aagent System

多智能体自动化系统，用于AI Agent技能样本采集、安全扫描、威胁情报收集和研究分析。支持单机多进程架构，可自动采集样本、检测恶意技能、提取IOC、更新规则。触发命令: /aagent start

MIT-0 · Free to use, modify, and redistribute. No attribution required.

⭐ 0 · 63 · 0 current installs · 0 all-time installs

by@caidongyun

MIT-0

Security Scan

VirusTotal

Suspicious

View report →

OpenClaw

Suspicious

medium confidence

!

Purpose & Capability

Most code (collectors, scanners, perf monitor, evolver, designer) aligns with the stated purpose of automated sample collection and scanning. However several agents call external shell scripts located in the user's home directory (e.g., analyzer: '~/aass-scripts/3layer_scheduler.sh', researcher: '~/aass-scripts/daily_intel.sh', scanner: '~/aass-dataset/secure_dataset.sh'), which are not mentioned in SKILL.md or other documentation and are outside the skill's codebase — this is disproportionate to the described functionality and unexplained.

!

Instruction Scope

SKILL.md instructs running node agent manager and viewing local data files (samples.json, logs) which is fine. But runtime code extends scope by: executing arbitrary shell scripts in ~ (see analyzer/researcher/scanner), launching background processes with inline shell commands (orchestrator, evolver spawn new agents via exec with '&'), and invoking pgrep to enumerate processes. Those actions read and execute things outside the skill directory and give the skill broad runtime effects beyond simple API scraping and scanning.

ℹ

Install Mechanism

No install spec (instruction-only install) reduces supply-chain download risk. But this skill includes many JavaScript files that will be placed in the workspace and executed if started — there is no external binary download, which is lower risk than remote installers, but the included code will still spawn processes and run shell commands locally.

ℹ

Credentials

The skill declares no required environment variables or credentials (appropriate for public registry scraping). That said, it performs network requests to many external endpoints (npm, cnpm, GitHub) and may start scripts in the user's home that could access credentials present there — the code does not request secrets but could execute local shell scripts that read them, which is a potential indirect risk.

!

Persistence & Privilege

always:false (good). But the orchestrator and evolver intentionally spawn many background Node processes (e.g., startRole uses 'node agents/... > /dev/null 2>&1 &' and evolver executes background nodes in a loop). That grants the skill persistent, multi-process presence and can consume significant system resources or run arbitrary commands (especially combined with execution of home-directory scripts). This persistent process-spawning is more privileged than a simple synchronous skill invocation.

What to consider before installing

This skill's code mostly matches its claimed purpose (collecting and scanning packages), but it also executes shell scripts from the user's home (~) and launches many background processes — behaviors not described in the SKILL.md. Before installing or running it: 1) Inspect the referenced shell scripts (~/aass-scripts/* and ~/aass-dataset/*) or remove those exec calls; 2) Run the skill in a sandboxed environment (VM/container) and limit its network access; 3) Consider limiting process permissions and resource caps (CPU/memory); 4) Confirm the skill's provenance — there is no homepage or owner info beyond an ID; 5) If you cannot audit the external scripts, do not run this on a production or sensitive machine. These steps will reduce the risk that hidden or unrelated local scripts are executed or that the system is overwhelmed by spawned processes.

✗

agents/analyzer/agent.cjs:9