
      Safety Report

      HiveFence

      @seojoonkim

      Collective immunity network for AI agents. When one agent detects a prompt injection attack, all connected agents become immune. Real-time pattern detection, community voting, and distributed threat intelligence. Built on top of prompt-guard.

1,504 Downloads
1 Installs
0 Stars
1 Versions
Categories: Design & Prototyping (2,478) · Networking & DNS (2,429)

      Security Analysis

Verdict: Suspicious (0.08 risk score, medium confidence)

      The skill's description and runtime instructions claim a networked npm package that automatically reports detected prompt patterns, but the registry entry contains no code or install spec, no declared credentials, and points to a personal Cloudflare Workers API — these mismatches and the potential for sending user prompt data make the package suspicious until its source and reporting behavior are verified.

Feb 11, 2026 · 1 file · 5 concerns

Purpose & Capability (concern)

      SKILL.md describes an npm package (import { protect, reportThreat } from 'hivefence') and networked behavior (reporting/voting endpoints), but the registry entry is instruction-only with no code files, no install spec, and 'source: unknown'. A networked community-reporting system would reasonably require authenticated endpoints and/or credentials — none are declared. The package claims to be available on npm/GitHub, but the registry metadata doesn't supply or verify those artifacts.

Instruction Scope (concern)

      Instructions tell agents to scan incoming prompts and automatically report new patterns to the network. That implies transmitting information derived from user prompts to a remote API. The SKILL.md asserts 'privacy-preserving' (only SHA-256 hashes shared) but gives no concrete hashing workflow, no local-only verification steps, and no restriction against sending raw or partially identifiable data. Automatic reporting of prompt content (even hashed) risks exfiltration or deanonymization and is broader than what a sandboxed, instruction-only skill should assume.

Install Mechanism (note)

      There is no install spec in the registry; SKILL.md recommends using npx or npm install. That discrepancy is notable: the skill itself provides no package or code to inspect in the registry, but tells users/agents to fetch code from external registries. Instructing installation from npm when no package was bundled means the agent would download third-party code at runtime — a behavior that requires verification of the actual npm/GitHub package before trusting.

Credentials (concern)

      The skill declares no required environment variables or credentials, yet its functionality (reporting, voting, fetching approved patterns) implies network interactions that typically require authentication and configuration. The absence of declared credentials is inconsistent with the described capabilities. Additionally, privacy guarantees about only sharing SHA-256 hashes are asserted but not demonstrated or enforced in instructions, leaving sensitive data exposure plausible.

Persistence & Privilege (note)

The registry's 'always' flag is false (good) and model invocation is allowed by default (expected). However, the combination of autonomous invocation and automatic network reporting is risky: an agent could autonomously send (hashed or raw) prompt-derived data to an external personal API endpoint. This is not a direct registry privilege escalation, but it increases the blast radius if the remote service or its reporting logic is malicious.

      Guidance

Things to check before installing:

1) Verify the package source — confirm the hivefence npm package and GitHub repo match the SKILL.md and inspect the code, install scripts, and license.
2) Confirm the reporting workflow — what exactly is sent to the API, where hashing happens (locally), and whether any raw prompt content or identifiers could be transmitted.
3) Verify authentication and endpoint ownership — the base URL is a personal Cloudflare Workers domain; confirm who controls it and whether anonymous reporting is allowed.
4) Prefer an opt-in model — do not enable automatic reporting of user prompts without explicit consent and local review.
5) If you can't review the upstream package source and code, avoid installing or running the npm instructions recommended in SKILL.md.

What would change this assessment: the repo and npm package are published and verifiably authored, the code shows local-only SHA-256 hashing before any network I/O, reports contain no identifiable data, and reporting requires explicit opt-in or authenticated endpoints.

      Latest Release

      v1.0.0

- Initial release of HiveFence v1.0.0
- Collective prompt injection defense network for AI agents; immunity spreads to all when one agent detects a threat
- Real-time, multi-language attack detection (EN, KO, JA, ZH) with <50ms response
- Community voting system for validating new attack patterns
- Privacy-preserving threat sharing using SHA-256 hashes
- Risk-based prioritization with severity scoring
- Fast, edge-first deployment on Cloudflare Workers (300+ locations)
- Public API endpoints for threat submission, voting, and statistics

More by @seojoonkim: Prompt Guard (54 stars)


      Published by @seojoonkim on ClawHub
