Comprehensive security review framework for AI agents. Covers skill/MCP installation, GitHub repos, URLs/documents, on-chain addresses, products/services, an...
Security Analysis
High confidence: This is an instruction-only security review framework whose requested resources and runtime guidance align with its stated purpose — no code, installs, or credentials are required by the skill itself.
Name/description match the actual contents: the package is purely a set of Markdown review workflows, patterns, and report templates. It does not request unrelated credentials, binaries, or config paths.
Runtime instructions are review-oriented (scan docs, inspect repos, apply patterns) and explicitly warn against executing external code. The docs describe checks that an agent should perform on external artifacts but do not instruct the agent to read local secret files or send data to external endpoints. (They do recommend optional use of external AML tooling if available.)
No install spec and no code files — nothing is downloaded or written to disk by the skill itself. This is the lowest-risk delivery model.
The skill declares no required environment variables, credentials, or config paths. References to external tools (e.g., MistTrack) are optional and conditional; the skill does not require secrets to operate.
always:false (default) and no instructions to modify agent configuration or persist credentials. The skill can be invoked by the agent (normal), but it does not request permanent presence or elevated privileges.
Guidance
This skill is an instruction-only security-review framework and is internally coherent. Before installing or enabling it: (1) verify the homepage and publisher (confirm this GitHub repo is the official SlowMist source you expect), (2) keep the skill invocation human-mediated for high/critical findings (the docs already recommend human final authority), (3) if you enable optional integrations (e.g., MistTrack), only provide the minimal scoped credentials those integrations require and verify those endpoints, and (4) periodically re-audit the skill text for updates (instruction-only skills can change content without code changes). If you need stronger guarantees, consider running this guidance locally or reviewing the Markdown files yourself before trusting automated actions.
Latest Release
v0.1.2
- Downgraded version from 1.1.0 to 0.1.2 to align with intended release sequence.
- No functional, documentation, or content changes introduced in this version.
Published by @slowmist on ClawHub