Is kumagallium/crucible-agent safe to install?

kumagallium/crucible-agent was flagged as CRITICAL RISK (risk score 56) with 11 findings detected across 54 files. Review the findings before installing.

What security issues were found in kumagallium/crucible-agent?

Sigil detected 11 findings in kumagallium/crucible-agent, including patterns related to provenance, credentials, network_exfil. See the full scan report for details.

Scans/github/kumagallium/crucible-agent

kumagallium/crucible-agent

github

Summary

kumagallium/crucible-agent v2026-03-19 was classified as CRITICAL RISK with a risk score of 56. Sigil detected 11 findings across 54 files, covering phases including provenance, credential access, network exfiltration. Review the findings below before installing this package.

Package description: AI agent runtime that connects any frontend to MCP servers via LLM — domain behavior is driven by swappable prompt profiles

CRITICAL RISK(56)

v2026-03-19

20 March 2026, 00:44 UTC

by Sigil Bot

Risk Score

Findings

Files Scanned

Provenance

Registry

https://github.com/kumagallium/crucible-agent

Repository

https://github.com/kumagallium/crucible-agent

Scanned From

https://github.com/kumagallium/crucible-agent.git

Findings by Phase

•

Phase Ordering

Phases are ordered by criticality, with the most dangerous at the top. Click any phase header to expand or collapse its findings. Critical phases are expanded by default.

Badge

Markdown

[![Sigil Scan](https://sigilsec.ai/badge/github/kumagallium/crucible-agent)](https://sigilsec.ai/scans/66B05B4C-03C7-4734-8D90-EBA2A860B3DB)

HTML

<a href="https://sigilsec.ai/scans/66B05B4C-03C7-4734-8D90-EBA2A860B3DB"><img src="https://sigilsec.ai/badge/github/kumagallium/crucible-agent" alt="Sigil Scan"></a>

Run This Scan Yourself