Risk Assessment Engine (dormant)
Dormant since 2026-07
The risk-assessment engine only runs behind the hidden legacy install
command and is unmaintained for now. The current security posture is
transparency: see the Security Guide. Content
below is kept as reference for the dormant surface.
IpMan's risk assessment engine analyzes skills before installation, inspired by Skill Vetter.
What It Checks
Red Flags (auto-elevate to HIGH/EXTREME)
- Network requests to unknown URLs or raw IP addresses
- Credential harvesting (API keys, tokens)
- Access to sensitive paths (
~/.ssh,~/.aws,~/.config) - Access to agent memory files (
MEMORY.md,SOUL.md) - Obfuscated code (base64 encoding, minified code, dynamic evaluation)
- Elevated privilege requests (sudo/root)
- Outbound data exfiltration patterns
Permission Scope
- File read/write scope
- Network call targets
- Command execution
- Scope minimality (Principle of Least Privilege)
Source Reputation
- Author publish history
- Download/install count
- Repository age and stars
- Community reports
Risk Report Output
SKILL VETTING REPORT
===================================================
Skill: sketchy-tool
Source: https://example.com/sketchy.ip.yaml
---------------------------------------------------
RED FLAGS:
- Accesses ~/.ssh/id_rsa
- Network call to raw IP address
- Obfuscated code in install script
PERMISSIONS:
- Files: ~/.ssh (READ)
- Network: external endpoint on port 8080
- Commands: network tools, encoding tools
---------------------------------------------------
RISK LEVEL: EXTREME
VERDICT: DO NOT INSTALL
===================================================