fix: validate module names before dynamic import

README.md

@@ -307,39 +307,6 @@ For more details, please refer to [**MS-Agent Skills**](ms_agent/skill/README.md
 
 ---
 
-### Agent Skills
-
-The **MS-Agent Skill Module** is **Implementation** of [Anthropic-Agent-Skills](https://platform.claude.com/docs/en/agents-and-tools/agent-skills) Protocol.
-
-#### 🔍 Intelligent Skill Retrieval
-- **Hybrid Search**: Combines FAISS dense retrieval with BM25 sparse retrieval
-- **LLM-based Filtering**: Uses LLM to filter and validate skill relevance
-- **Query Analysis**: Automatically determines if skills are needed for a query
-
-#### 📊 DAG-based Execution
-- **Dependency Management**: Builds execution DAG based on skill dependencies
-- **Parallel Execution**: Runs independent skills concurrently
-- **Input/Output Linking**: Automatically passes outputs between dependent skills
-
-#### 🧠 Progressive Skill Analysis
-- **Two-phase Analysis**: Plan first, then load resources
-- **Incremental Loading**: Only loads required scripts/references/resources
-- **Context Optimization**: Minimizes token usage while maximizing understanding
-- **Auto Bug Fixing**: Analyzes errors and attempts automatic fixes
-
-#### 🔒 Secure Execution Environment
-- **Docker Sandbox**: Isolated execution using [ms-enclave](https://github.com/modelscope/ms-enclave) containers
-- **Local Execution**: Controlled local execution with RCE prevention
-- **Security Checks**: Pattern-based detection of dangerous code
-
-#### 🔄 Self-Reflection & Retry
-- **Error Analysis**: LLM-based analysis of execution failures
-- **Auto-Fix**: Attempts to fix code based on error messages
-- **Configurable Retries**: Up to N retry attempts with fixes
-
-
-For more details, please refer to [**MS-Agent Skills**](ms_agent/skill/README.md).
-
 
 ### Agentic Insight
 

ms_agent/agent/llm_agent.py

@@ -3,8 +3,8 @@
 import importlib
 import inspect
 import os.path
+import re
 import sys
-import threading
 import uuid
 from contextlib import contextmanager
 from copy import deepcopy
@@ -400,6 +400,12 @@ def register_config_handler(self) -> Optional[ConfigLifecycleHandler]:
             if local_dir not in sys.path:
                 sys.path.insert(0, local_dir)
 
+            handler_file = os.path.basename(handler_file)
+            if handler_file.endswith(".py"):
+                handler_file = handler_file[:-3]
+            if not re.match(r"^[a-zA-Z_][a-zA-Z0-9_]*$", handler_file):
+                raise ValueError(f"Invalid handler module name: {handler_file}")
+
             handler_module = importlib.import_module(handler_file)
             module_classes = {
                 name: cls
@@ -443,8 +449,10 @@ def register_callback_from_config(self):
                         sys.path.insert(0, local_dir)
                     if subdir and subdir not in sys.path:
                         sys.path.insert(0, subdir)
-                    if _callback.endswith('.py'):
+                    if _callback.endswith(".py"):
                         _callback = _callback[:-3]
+                    if not re.match(r"^[a-zA-Z_][a-zA-Z0-9_]*$", _callback):
+                        raise ValueError(f"Invalid callback module name: {_callback}")
                     callback_file = importlib.import_module(_callback)
                     module_classes = {
                         name: cls

ms_agent/agent/loader.py

@@ -2,6 +2,7 @@
 import importlib
 import inspect
 import os
+import re
 import sys
 from typing import Dict, Optional
 
@@ -92,8 +93,10 @@ def _load_external_code(cls, config, code_file, **kwargs) -> 'Agent':
         if subdir and subdir not in sys.path:
             sys.path.insert(0, subdir)
             subdir_inserted = True
-        if code_file.endswith('.py'):
+        if code_file.endswith(".py"):
             code_file = code_file[:-3]
+        if not re.match(r"^[a-zA-Z_][a-zA-Z0-9_]*$", code_file):
+            raise ValueError(f"Invalid code module name: {code_file}")
         if code_file in sys.modules:
             del sys.modules[code_file]
         code_module = importlib.import_module(code_file)