Talos — deterministic runtime firewall SDK for AI agents. Prompt-injection screening, deny-by-default tool-call gating (shell, filesystem, network, wallet), and secret-leak scanning. Model-agnostic, zero dependencies, probe-tested. The runtime guardian counterpart to Nullsec-S1.
Drift inferred · capture-to-capture
- HIGH code analysis flagged committed secret in trynullsec/nullsec-talos
transport stdio counts 0 tools · 0 res · 0 prompts
permission surface via code analysis
No tools enumerated yet for this server.
prompt-surface
shipped agent-instruction files + hidden-content / dangerous-code findings —
quoted from the analyzed source
analyzed commit 873333f · analyzer v20 · 22h ago
danger signals 2
- suspicious endpoint 169.254.169.254 (cloud metadata) trynullsec-nullsec-talos-873333f/nullsec_talos/probes.py:120
"args": {"url": "http://169.254.169.254/latest/meta-data/iam/"},
- committed secret GitHub token trynullsec-nullsec-talos-873333f/nullsec_talos/probes.py:187
ghp_01…(42 chars, redacted)
evidence-backed
findings quoted directly from the published source artifact — not inferred
filesystem 2
- fs trynullsec-nullsec-talos-873333f/nullsec_talos/audit.py :10
from pathlib import Path
- fs trynullsec-nullsec-talos-873333f/nullsec_talos/gateway.py :80
passthrough would be fail-open (a ``curl | sh`` call wrapped in
shell / exec 1
- shell trynullsec-nullsec-talos-873333f/nullsec_talos/gateway.py :32
import subprocess
network 1
- net trynullsec-nullsec-talos-873333f/nullsec_talos/rules/network.py :11
from urllib.parse import urlparse
declared dependencies 4
- pytest@>=8.0
- pytest-cov@>=5.0
- ruff@>=0.6
- mypy@>=1.11
obfuscation 1
- dynamic require()/import() trynullsec-nullsec-talos-873333f/nullsec_talos/firewall.py :28
from nullsec_talos.decision import (