feat: initial implementation of extension malware check #4272
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
shellz-n-stuff
commented
Aug 22, 2025
| let mut headers = HeaderMap::new(); | ||
| headers.insert( | ||
| USER_AGENT, | ||
| HeaderValue::from_static("goose-osv-check/1.1 (+https://osv.dev)"), |
Contributor
Author
There was a problem hiding this comment.
This was an idea from Goose. But I actually really liked it! Just in-case the OSV team want to identify us and/or hit us up
frankgraziano
approved these changes
Aug 22, 2025
tomasz-sq
reviewed
Aug 22, 2025
tomasz-sq
reviewed
Aug 22, 2025
Comment on lines
+260
to
+263
| return Err(ExtensionError::ConfigError(format!( | ||
| "Blocked malicious package: {name}@{ver} ({ecosystem}). OSV MAL advisories: {details}" |
Contributor
There was a problem hiding this comment.
should we consider making the error more actionable? I was curious how to deal with false positives. Looks like the recommended way is to create a GH issue
https://github.com/ossf/malicious-packages/blob/main/README.md#false-positives
Collaborator
There was a problem hiding this comment.
message could say to "contact your adminstrator" which ... I hate when I see that as it is often me!
Collaborator
|
I think this is ok - will need some fmt done and I think needs a timeout, but we can try it. |
shellz-n-stuff
force-pushed
the
feat/extension-malware-check
branch
2 times, most recently
from
037ca86 to
9aa5e3d
Compare
Contributor
|
Awesome! Did you mean to pull in the other commits to this branch? |
Contributor
Author
Bad rebase. Fixing it 🙏 |
Signed-off-by: Alex Rosenzweig <[email protected]>
shellz-n-stuff
force-pushed
the
feat/extension-malware-check
branch
from
827e453 to
6227baf
Compare
michaelneale
approved these changes
Aug 27, 2025
Collaborator
michaelneale
left a comment
michaelneale
left a comment
There was a problem hiding this comment.
nice! got it there
zanesq
added a commit
that referenced
this pull request
Aug 27, 2025
…nscribing * 'main' of github.com:block/goose: update tetrate blog date to today (#4368) tetrate signup: blog/launch post (#4313) Implement graceful recipe error handling with filename display (#4363) docs: airgapped operation by bypassing hermit for desktop app (#4063) remove Ollama card from welcome screen (#4348) feat: initial implementation of extension malware check (#4272) Add Tetrate Agent Router Service to Provider Registry (#4354) Goose Simple Compact UX (#4202) Refactor Extensions Install Modal (#4328) fix: url path trailing slash for custom-providers (#4345) docs: update available and onboarding providers list (#4356)
katzdave
added a commit
that referenced
this pull request
Aug 27, 2025
* 'main' of github.com:block/goose: Fix eleven labs audio transcription and added more logging (#4358) feat: re-introduce session sharing (#4370) remove duplicate blog post (#4369) fix focus ring under form submits (#4332) Trigger docs deployment update tetrate blog date to today (#4368) tetrate signup: blog/launch post (#4313) Implement graceful recipe error handling with filename display (#4363) docs: airgapped operation by bypassing hermit for desktop app (#4063) remove Ollama card from welcome screen (#4348) feat: initial implementation of extension malware check (#4272) Add Tetrate Agent Router Service to Provider Registry (#4354) Goose Simple Compact UX (#4202)
michaelneale
added a commit
that referenced
this pull request
Aug 28, 2025
* main: (38 commits) feat: linux computer control for android (termux) (#3890) feat: Added scroll state support for chat-session-list navigation (#4360) docs: typo fix (#4376) blog: goose janitor (#4131) Fix eleven labs audio transcription and added more logging (#4358) feat: re-introduce session sharing (#4370) remove duplicate blog post (#4369) fix focus ring under form submits (#4332) Trigger docs deployment update tetrate blog date to today (#4368) tetrate signup: blog/launch post (#4313) Implement graceful recipe error handling with filename display (#4363) docs: airgapped operation by bypassing hermit for desktop app (#4063) remove Ollama card from welcome screen (#4348) feat: initial implementation of extension malware check (#4272) Add Tetrate Agent Router Service to Provider Registry (#4354) Goose Simple Compact UX (#4202) Refactor Extensions Install Modal (#4328) fix: url path trailing slash for custom-providers (#4345) docs: update available and onboarding providers list (#4356) ...
dorien-koelemeijer
pushed a commit
to dorien-koelemeijer/goose
that referenced
this pull request
Sep 2, 2025
Signed-off-by: Alex Rosenzweig <[email protected]> Co-authored-by: Michael Neale <[email protected]> tested it a few ways, surgical change. Signed-off-by: Dorien Koelemeijer <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
5 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
Goose users need to install extensions in order to get the full utility they desire. However, our stdio MCPs are quite often coming from package ecosystems that can contain malware.
Though it's not possible to completely protect users from all forms of Malware (and other Supply Chain Attacks) implementing some basic checks for known bad packages better protects all Goose users! ❤️
Implementation
When a user attempts to activate an extension we will parse out the name of the package and/or version information (where possible) and attempt to query the OSV API to understand if the package contains malware (identified by MAL in the formatting).
If the http call fails for some reason and/or we have issues parsing we opt to fail open to ensure this doesn't present a disruption to users.
Note: This implementation only supports PyPi and NPM as package manager formats
Handling of non-provided package versions
One key choice here was we @latest syntax and no version provided syntax by checking if any version of the package has malware. Broadly speaking it's going to be rare that an extension is compromised, malware finding filed and then persisted on those versions but it "could" happen and I'm open to adjusting the approach if we have major upfront concerns
OSV/Malicious Packages
The OSV project contains vulnerability information and malware information for open-source packages. The Malware information is populated via https://github.com/ossf/malicious-packages and broadly is a trustworthy datasource.
Though OSV does contain vulnerability data we're strictly only checking for Malware in this case. We could potentially inform users of CVEs in the future using this interface but we'd want to make the product interface there much easier to understand for all users!
Testing