Add trust command for package trust verification #44
Adds `hackmyagent trust` command that queries the OpenA2A Registry to check trust scores, vulnerability status, and dependency risk for MCP servers, A2A agents, and AI tools before installation.

Three modes:
- `trust <package>` -- single package lookup
- `trust --audit <file>` -- audit package.json or requirements.txt
- `trust --batch pkg1 pkg2` -- batch lookup for multiple packages

Uses the same Registry API endpoints as ai-trust (added as dependency), with output formatting consistent with HMA's existing color system.
Claude Code Review
Security Review: PR #44 - Add trust command for package trust verification
VERDICT: APPROVE
SUMMARY:
This PR adds a trust command for querying the OpenA2A Registry API to check trust scores for AI packages. The implementation includes three modes: single package lookup, batch lookup, and dependency file auditing. After thorough verification of all potential security concerns, I found no exploitable vulnerabilities. All user inputs are properly validated, external API calls are safe, file operations are protected, and the code follows secure patterns throughout.
FINDINGS:
None. All initially identified concerns were mitigated upon verification:
Verified Safe Patterns:
- URL Construction (lines 4649, 4669) - VERIFIED SAFE
  - `registryUrl` is sanitized via `.replace(/\/+$/, '')` at line 4908 before use
  - User-controlled `name` parameter is passed through `URLSearchParams` constructor which automatically URL-encodes values
  - No string concatenation or template injection possible
- Arbitrary File Read (line 4830) - VERIFIED SAFE
  - `parseDepsFile()` receives `filePath` from Commander option `--audit <file>`
  - Commander treats option values as raw strings (no shell expansion)
  - User explicitly provides the path they want to read (intended functionality)
  - No path traversal validation needed - user chooses which file to audit
  - Only supports package.json/requirements.txt (line 4869 throws on others)
- JSON Parsing (lines 4660, 4679, 4836) - VERIFIED SAFE
  - Line 4660: Parses response from Registry API (external but HTTPS, not arbitrary user input)
  - Line 4679: Same as above (batch endpoint)
  - Line 4836: Parses user's own package.json file (user chose to audit their own file)
  - Standard `JSON.parse()` errors are caught by outer try/catch (line 4915)
- ReDoS in Requirements Parsing (line 4857) - VERIFIED SAFE
  - Regex: `/^([a-zA-Z0-9_-]+(?:\[[a-zA-Z0-9_,-]+\])?)/`
  - Pattern is linear-time: single character class with optional bracketed section
  - No nested quantifiers or catastrophic backtracking paths
  - Bounded by line splits (one match per line)
- Integer Parsing (line 4909) - VERIFIED SAFE
  - `parseInt(opts.minTrust, 10)` with base-10 specified
  - Validated: `isNaN(minTrust) || minTrust < 0 || minTrust > 4` (lines 4910-4913)
  - Safe range enforcement before use
- SSRF via Registry URL (lines 4649, 4669) - VERIFIED ACCEPTABLE
  - Default: `https://api.oa2a.org` (hardcoded constant line 4612)
  - User can override via `--registry-url` flag
  - Design Intent: Users should be able to point to alternate/dev registries
  - This is a CLI tool where users control their own environment
  - No automatic execution of untrusted URLs
All security boundaries are correctly enforced. The code properly handles user input, validates ranges, and safely interacts with external APIs.
Reviewed 3 files changed (15246 bytes)
Summary
- `hackmyagent trust <package>` for single package trust lookup
- `hackmyagent trust --audit <file>` to scan package.json/requirements.txt dependencies
- `hackmyagent trust --batch pkg1 pkg2` for multi-package queries

Test plan
- `npm run build` clean
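Added example, not code from the PR: a stand-alone reconstruction of the three input-handling patterns the review checked (trailing-slash stripping plus `URLSearchParams` for the lookup URL, the quoted requirements.txt regex, and the 0-4 range check on the min-trust option), run against constructed inputs. The `/trust` path, the `--min-trust` option name (inferred from `opts.minTrust`), and the skipping of `-r`/`-e` option lines in requirements.txt are assumptions.

```javascript
// Added example (not the PR's code). Values marked "constructed" are sample data.
const DEFAULT_REGISTRY_URL = 'https://api.oa2a.org';

// Strip trailing slashes from the (user-overridable) registry URL, then let
// URLSearchParams percent-encode the package name instead of concatenating it.
function buildLookupUrl(name, registryUrl = DEFAULT_REGISTRY_URL) {
  const base = registryUrl.replace(/\/+$/, '');
  const params = new URLSearchParams({ name });
  return `${base}/trust?${params.toString()}`; // "/trust" path is an assumption
}

// Regex quoted in the review: anchored, one character class, optional extras.
const REQ_RE = /^([a-zA-Z0-9_-]+(?:\[[a-zA-Z0-9_,-]+\])?)/;

// One match per line; comment and option lines (-r/-e, an assumption) are skipped.
function parseRequirementsTxt(text) {
  const names = [];
  for (const raw of text.split('\n')) {
    const line = raw.trim();
    if (!line || line.startsWith('#') || line.startsWith('-')) continue;
    const m = REQ_RE.exec(line);
    if (m) names.push(m[1]);
  }
  return names;
}

// package.json: dependency names only; JSON.parse errors propagate to the caller.
function parsePackageJson(text) {
  const pkg = JSON.parse(text);
  return Object.keys({ ...(pkg.dependencies || {}), ...(pkg.devDependencies || {}) });
}

// Base-10 parse followed by the same range check the review cites.
function parseMinTrust(value) {
  const minTrust = parseInt(value, 10);
  if (isNaN(minTrust) || minTrust < 0 || minTrust > 4) {
    throw new Error('--min-trust must be an integer between 0 and 4');
  }
  return minTrust;
}

// Constructed sample requirements.txt covering extras, markers and an option line.
const SAMPLE_REQUIREMENTS = [
  '# constructed sample',
  'requests==2.31.0',
  'mcp[cli]>=1.0',
  '-r other.txt',
  'fastapi ; python_version >= "3.8"',
].join('\n');

module.exports = { buildLookupUrl, parseRequirementsTxt, parsePackageJson, parseMinTrust, SAMPLE_REQUIREMENTS };
```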