Security checks across malware telemetry and agentic risk
Ganglion is a coherent operator skill, but it gives agents broad control over a local or remote execution bridge that can read project files, upload Python code, mutate pipelines, update prompts, run experiments, and roll back state.
Install only if you intend to let an agent operate Ganglion. Keep the HTTP bridge bound to localhost or a trusted admin network, do not expose source-read or mutation endpoints publicly, review any tool/agent/prompt/pipeline changes before applying them, avoid printing API keys, and inspect shared knowledge or rollback actions before using them in a shared or production project.
```bash
# Register a tool
curl -s -X POST "$GANGLION_URL/v1/tools" -H "Content-Type: application/json" \
-d '{"name":"my_tool","code":"<code>","category":"training"}' | jq .data
# Patch pipeline-d '{"name":"my_tool","code":"<code>","category":"training"}' | jq .data
# Patch pipeline
curl -s -X PATCH "$GANGLION_URL/v1/pipeline" -H "Content-Type: application/json" \
-d '{"operations":[{"op":"add_stage","stage":{"name":"validate","agent":"Validator","depends_on":["train"]}}]}' | jq .data
```# mcp_clients = [MCPClientConfig(name="weather", transport="stdio", command=["python", "-m", "weather_server"])]
# Dynamic: add at runtime via API
curl -s -X POST "$GANGLION_URL/v1/mcp/servers" -H "Content-Type: application/json" \
-d '{"name":"weather","transport":"stdio","command":["python","-m","weather_server"]}' | jq .data
# Check connected MCP servers### Register a Tool
```bash
curl -s -X POST "$GANGLION_URL/v1/tools" \
-H "Content-Type: application/json" \
-d '{
"name": "analyze_results",### Register a Tool (Validation Failure)
```bash
curl -s -X POST "$GANGLION_URL/v1/tools" \
-H "Content-Type: application/json" \
-d '{"name": "bad_tool", "code": "def bad_tool(x):\n pass", "category": "misc"}' | jq
```### Patch Pipeline
```bash
curl -s -X PATCH "$GANGLION_URL/v1/pipeline" \
-H "Content-Type: application/json" \
-d '{
"operations": [### Update a Prompt
```bash
curl -s -X POST "$GANGLION_URL/v1/prompts" \
-H "Content-Type: application/json" \
-d '{
"agent_name": "Trainer",### Register a New Tool
```bash
curl -s -X POST "$GANGLION_URL/v1/tools" \
-H "Content-Type: application/json" \
-d '{
"name": "my_tool",### Register a New Agent
```bash
curl -s -X POST "$GANGLION_URL/v1/agents" \
-H "Content-Type: application/json" \
-d '{
"name": "MyAgent",### Add a Stage
```bash
curl -s -X PATCH "$GANGLION_URL/v1/pipeline" \
-H "Content-Type: application/json" \
-d '{
"operations": [{### Remove a Stage
```bash
curl -s -X PATCH "$GANGLION_URL/v1/pipeline" \
-H "Content-Type: application/json" \
-d '{"operations": [{"op": "remove_stage", "stage_name": "validate"}]}' | jq
```### Update a Stage
```bash
curl -s -X PATCH "$GANGLION_URL/v1/pipeline" \
-H "Content-Type: application/json" \
-d '{
"operations": [{```bash
# Swap policy for a specific stage
curl -s -X PUT "$GANGLION_URL/v1/policies/train" \
-H "Content-Type: application/json" \
-d '{"retry_policy": {"type": "escalating", "max_attempts": 5, "temperature_step": 0.1}}' | jq-d '{"retry_policy": {"type": "escalating", "max_attempts": 5, "temperature_step": 0.1}}' | jq
# Swap the pipeline default policy
curl -s -X PUT "$GANGLION_URL/v1/policies/default" \
-H "Content-Type: application/json" \
-d '{"retry_policy": {"type": "fixed", "max_attempts": 3}}' | jq
```## Updating Prompts (Remote Only)
```bash
curl -s -X POST "$GANGLION_URL/v1/prompts" \
-H "Content-Type: application/json" \
-d '{
"agent_name": "Planner",66/66 vendors flagged this skill as clean.