From 2c82792b69807e07cf6a6f6782918b2a87cd6bb2 Mon Sep 17 00:00:00 2001
From: RinZ27 <222222878+RinZ27@users.noreply.github.com>
Date: Wed, 4 Mar 2026 13:58:16 +0700
Subject: [PATCH 1/4] fix: validate module names before dynamic import
---
README.md | 33 ---------------------------------
ms_agent/agent/llm_agent.py | 12 ++++++++++--
ms_agent/agent/loader.py | 5 ++++-
3 files changed, 14 insertions(+), 36 deletions(-)
diff --git a/README.md b/README.md
index ae03ea8c3..c19e5c914 100644
--- a/README.md
+++ b/README.md
@@ -307,39 +307,6 @@ For more details, please refer to [**MS-Agent Skills**](ms_agent/skill/README.md --- -### Agent Skills - -The **MS-Agent Skill Module** is **Implementation** of [Anthropic-Agent-Skills](https://platform.claude.com/docs/en/agents-and-tools/agent-skills) Protocol. - -#### 🔍 Intelligent Skill Retrieval -- **Hybrid Search**: Combines FAISS dense retrieval with BM25 sparse retrieval -- **LLM-based Filtering**: Uses LLM to filter and validate skill relevance -- **Query Analysis**: Automatically determines if skills are needed for a query - -#### 📊 DAG-based Execution -- **Dependency Management**: Builds execution DAG based on skill dependencies -- **Parallel Execution**: Runs independent skills concurrently -- **Input/Output Linking**: Automatically passes outputs between dependent skills - -#### 🧠 Progressive Skill Analysis -- **Two-phase Analysis**: Plan first, then load resources -- **Incremental Loading**: Only loads required scripts/references/resources -- **Context Optimization**: Minimizes token usage while maximizing understanding -- **Auto Bug Fixing**: Analyzes errors and attempts automatic fixes - -#### 🔒 Secure Execution Environment -- **Docker Sandbox**: Isolated execution using [ms-enclave](https://github.com/modelscope/ms-enclave) containers -- **Local Execution**: Controlled local execution with RCE prevention -- **Security Checks**: Pattern-based detection of dangerous code - -#### 🔄 Self-Reflection & Retry -- **Error Analysis**: LLM-based analysis of execution failures -- **Auto-Fix**: Attempts to fix code based on error messages -- **Configurable Retries**: Up to N retry attempts with fixes - - -For more details, please refer to [**MS-Agent Skills**](ms_agent/skill/README.md). - ### Agentic Insight diff --git a/ms_agent/agent/llm_agent.py b/ms_agent/agent/llm_agent.py index 8602d1621..3ff3aa27d 100644 --- a/ms_agent/agent/llm_agent.py +++ b/ms_agent/agent/llm_agent.py 
@@ -3,8 +3,8 @@
 import importlib
 import inspect
 import os.path
+import re
 import sys
-import threading
 import uuid
 from contextlib import contextmanager
 from copy import deepcopy
@@ -400,6 +400,12 @@ def register_config_handler(self) -> Optional[ConfigLifecycleHandler]:
 if local_dir not in sys.path:
 sys.path.insert(0, local_dir)
+ handler_file = os.path.basename(handler_file)
+ if handler_file.endswith(".py"):
+ handler_file = handler_file[:-3]
+ if not re.match(r"^[a-zA-Z0-9_-]+$", handler_file):
+ raise ValueError(f"Invalid handler module name: {handler_file}")
+
 handler_module = importlib.import_module(handler_file)
 module_classes = {
 name: cls
@@ -443,8 +449,10 @@ def register_callback_from_config(self):
 sys.path.insert(0, local_dir)
 if subdir and subdir not in sys.path:
 sys.path.insert(0, subdir)
- if _callback.endswith('.py'):
+ if _callback.endswith(".py"):
 _callback = _callback[:-3]
+ if not re.match(r"^[a-zA-Z0-9_-]+$", _callback):
+ raise ValueError(f"Invalid callback module name: {_callback}")
 callback_file = importlib.import_module(_callback)
 module_classes = {
 name: cls
diff --git a/ms_agent/agent/loader.py b/ms_agent/agent/loader.py
index 21b1687a7..6104bb76b 100644
--- a/ms_agent/agent/loader.py
+++ b/ms_agent/agent/loader.py
@@ -2,6 +2,7 @@
 import importlib
 import inspect
 import os
+import re
 import sys
 from typing import Dict, Optional
@@ -92,8 +93,10 @@ def _load_external_code(cls, config, code_file, **kwargs) -> 'Agent':
 if subdir and subdir not in sys.path:
 sys.path.insert(0, subdir)
 subdir_inserted = True
- if code_file.endswith('.py'):
+ if code_file.endswith(".py"):
 code_file = code_file[:-3]
+ if not re.match(r"^[a-zA-Z0-9_-]+$", code_file):
+ raise ValueError(f"Invalid code module name: {code_file}")
 if code_file in sys.modules:
 del sys.modules[code_file]
 code_module = importlib.import_module(code_file)
From 502e98e3a5ad9674625f063b6aaf266dc8665db7 Mon Sep 17 00:00:00 2001
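Review bot: The new check in register_config_handler constrains the shape of `handler_file` but not what `importlib.import_module(handler_file)` resolves it to: after `os.path.basename` and the regex, a value such as `os` or `json` passes and yields the already-imported module of that name (or whichever module of that name is first on sys.path) rather than a handler file under local_dir. If the contract is "the handler lives in local_dir", verify that before importing, e.g. `if not os.path.isfile(os.path.join(local_dir, handler_file + ".py")): raise ValueError(f"Handler file not found: {handler_file}")`, or load the file explicitly with `importlib.util.spec_from_file_location` instead of going through sys.path. The callback hunk in register_callback_from_config applies the same regex to `_callback` but does not call `os.path.basename` first, so a path-like value is rejected there while it is silently trimmed here; the two should probably agree. register_config_handler starts outside the hunk, so how local_dir and handler_file are derived from the config is not visible here.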
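Review bot: In _load_external_code the added name check sits directly above `if code_file in sys.modules: del sys.modules[code_file]`, and an identifier-shaped name that happens to match an already-loaded module passes the regex, so such a config value would evict that module from sys.modules and re-import whatever is first on sys.path (the directory just inserted at index 0). The regex cannot express "this name refers to a file in the intended directory"; resolve it first, e.g. `spec = importlib.util.find_spec(code_file)` and reject when `spec is None` or `spec.origin` does not lie under that directory, before touching sys.modules. _load_external_code starts outside the hunk, so the directory variable to compare against (subdir or an earlier local_dir) is not visible here.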
From: Rin
Date: Wed, 4 Mar 2026 14:08:58 +0700
Subject: [PATCH 2/4] Update ms_agent/agent/llm_agent.py
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
---
ms_agent/agent/llm_agent.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/ms_agent/agent/llm_agent.py b/ms_agent/agent/llm_agent.py
index 3ff3aa27d..14afdb287 100644
--- a/ms_agent/agent/llm_agent.py
+++ b/ms_agent/agent/llm_agent.py
@@ -403,7 +403,7 @@ def register_config_handler(self) -> Optional[ConfigLifecycleHandler]:
 handler_file = os.path.basename(handler_file)
 if handler_file.endswith(".py"):
 handler_file = handler_file[:-3]
- if not re.match(r"^[a-zA-Z0-9_-]+$", handler_file):
+ if not re.match(r"^[a-zA-Z_][a-zA-Z0-9_]*$", handler_file):
 raise ValueError(f"Invalid handler module name: {handler_file}")
 handler_module = importlib.import_module(handler_file)
From 9caa4251c547a90cb64a8e19427a4d7be76c51d4 Mon Sep 17 00:00:00 2001
From: Rin
Date: Wed, 4 Mar 2026 14:09:13 +0700
Subject: [PATCH 3/4] Update ms_agent/agent/llm_agent.py
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
---
ms_agent/agent/llm_agent.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/ms_agent/agent/llm_agent.py b/ms_agent/agent/llm_agent.py
index 14afdb287..22a1abdc4 100644
--- a/ms_agent/agent/llm_agent.py
+++ b/ms_agent/agent/llm_agent.py
@@ -451,7 +451,7 @@ def register_callback_from_config(self):
 sys.path.insert(0, subdir)
 if _callback.endswith(".py"):
 _callback = _callback[:-3]
- if not re.match(r"^[a-zA-Z0-9_-]+$", _callback):
+ if not re.match(r"^[a-zA-Z_][a-zA-Z0-9_]*$", _callback):
 raise ValueError(f"Invalid callback module name: {_callback}")
 callback_file = importlib.import_module(_callback)
 module_classes = {
From 4d48bbb1d0ec77abdcb9d132ac81177efe9af15c Mon Sep 17 00:00:00 2001
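Review bot: The tightened pattern in register_config_handler is still applied with `re.match` and a `$` anchor, and `$` also matches just before a trailing newline, so `re.match(r"^[a-zA-Z_][a-zA-Z0-9_]*$", "handler\n")` succeeds and a name ending in a newline still reaches importlib. `str.isidentifier()` states the intent directly and has no such edge: `if not handler_file.isidentifier():` (or `re.fullmatch` with the same pattern if the ASCII-only restriction matters, since isidentifier also accepts non-ASCII identifier characters). The same literal is repeated for `_callback` in the PATCH 3/4 hunk below and for `code_file` in the PATCH 4/4 loader hunk; a single shared helper such as `_check_module_name(name)` that raises the ValueError would keep the three checks from drifting apart again. register_config_handler starts and ends outside this hunk.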
From: Rin
Date: Wed, 4 Mar 2026 14:09:22 +0700
Subject: [PATCH 4/4] Update ms_agent/agent/loader.py
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
---
ms_agent/agent/loader.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/ms_agent/agent/loader.py b/ms_agent/agent/loader.py
index 6104bb76b..66529faf7 100644
--- a/ms_agent/agent/loader.py
+++ b/ms_agent/agent/loader.py
@@ -95,7 +95,7 @@ def _load_external_code(cls, config, code_file, **kwargs) -> 'Agent':
 subdir_inserted = True
 if code_file.endswith(".py"):
 code_file = code_file[:-3]
- if not re.match(r"^[a-zA-Z0-9_-]+$", code_file):
+ if not re.match(r"^[a-zA-Z_][a-zA-Z0-9_]*$", code_file):
 raise ValueError(f"Invalid code module name: {code_file}")
 if code_file in sys.modules:
 del sys.modules[code_file]