Morgana Mordred Security Sandbox

v4.1.1

Performs semantic security analysis and stress testing of AI agents using vector embeddings and multi-node defense strategies.

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
Crypto
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotal
Benign
OpenClaw
Benign
medium confidence
Purpose & Capability
Name/description (semantic security analysis, embeddings, multi-node defense) match the code and SKILL.md: the script calls a local Ollama embeddings endpoint and uses node profiles to compute STC scores. Requiring Ollama and embedding models is coherent with the stated purpose.
Instruction Scope
SKILL.md instructs running a local Ollama server and pulling two models (nomic-embed-text and gemma3:4b) and then running the Python script. The instructions do not ask for unrelated files, secrets, or remote endpoints. However the docs make strong accuracy/performance claims (100% multilingual accuracy, 100% test pass rate) that are unrealistic. The node keyword lists include dangerous/capability keywords (e.g., 'sudo', 'rm -rf', 'killall', 'exploit', 'zeroday') — appropriate for detection but they also mean the tool may surface or suggest powerful system commands during red-team/stress tests, so treat outputs with caution.
Install Mechanism
This is instruction-only (no installer). SKILL.md directs users to 'pip install ollama' and to 'ollama pull' models. That is a low-risk, transparent install surface, but 'pip install ollama' may be incorrect for some Ollama distributions (Ollama is often installed as a native binary). Model pulls will download large model artifacts — expected for this purpose — and are from Ollama, not an unknown URL.
Credentials
The skill requires no environment variables, no credentials, and the code calls only a local host endpoint. There are no declared or required secrets, which is proportionate to the described functionality.
Persistence & Privilege
The skill is not always-enabled and has no install-time hooks or config writes described; it does not request elevated privileges or modify other skills. Autonomous model invocation is allowed by platform default (not a specific red flag here).
Assessment
This skill is broadly coherent with its stated purpose, but take these precautions before installing or running:
- Verify 'Ollama' is installed from an official source and that the local Ollama server will run on localhost:11434 as the code expects. The SKILL.md's 'pip install ollama' step may not be the correct installation method in all environments.
- Pulling models (nomic-embed-text, gemma3:4b) will download large model files; do this only on machines where you expect such downloads and storage.
- Run the script in an isolated/test environment first (not on production hosts). The tool may surface or suggest system-level actions (node keywords include 'sudo', 'rm -rf', 'killall', 'exploit'), and its stress tests could generate heavy load.
- Do not feed secrets or sensitive data into the tool or models unless you control the model environment and know its data handling policies.
- Treat its high-accuracy and 100% test claims skeptically; validate outputs against known cases before relying on them for critical decisions.
If you want higher confidence, share the full unabbreviated src/mordred_v4.1.py for a line-by-line review and confirm how the script handles unexpected responses from the Ollama server and whether it makes any external network calls beyond localhost.

Like a lobster shell, security has layers — review code before you run it.

