THRONE
See report Verify server

registry / record

github.com/the-open-agent/openagent

github / sealed 2026-06-12 / No. 300f0452

re-scan this server gate it in your CI
> throne registry github.com/the-open-agent/openagent sealed
This target couldn't be started as an MCP serverno package.json or pyproject.toml at the repository root — Throne can launch Node (npm/pnpm/yarn) and Python (uv) projects
receiptsealed evidence
scan id
300f0452a6b34dcfa9285d5c85012ac0
target
https://github.com/the-open-agent/openagent
sealed at
2026-06-12 08:06:44Z
evidence hash
sha256:29cfb1072fb2443cd07f42957fb1c6ec0a575bbcba11cc0544f22fd96156c653
01connectFAIL0ms

server never launched: no package.json or pyproject.toml at the repository root — Throne can launch Node (npm/pnpm/yarn) and Python (uv) projects

02discoverSKIPPED0ms

not run — server never launched

03validate_schemasSKIPPED0ms

not run — server never launched

04smoke_test_toolsSKIPPED0ms

not run — server never launched

05error_handlingSKIPPED0ms

not run — server never launched

06streamingSKIPPED0ms

not run — server never launched

07resource_lifecycleSKIPPED0ms

not run — server never launched

08concurrent_callsSKIPPED0ms

not run — server never launched

09reconnectSKIPPED0ms

not run — server never launched

01connectFAIL0ms

server never launched: no package.json or pyproject.toml at the repository root — Throne can launch Node (npm/pnpm/yarn) and Python (uv) projects

02discoverSKIPPED0ms

not run — server never launched

03validate_schemasSKIPPED0ms

not run — server never launched

04smoke_test_toolsSKIPPED0ms

not run — server never launched

05error_handlingSKIPPED0ms

not run — server never launched

06streamingSKIPPED0ms

not run — server never launched

07resource_lifecycleSKIPPED0ms

not run — server never launched

08concurrent_callsSKIPPED0ms

not run — server never launched

09reconnectSKIPPED0ms

not run — server never launched

chatgpt desktopemulation profile pending real-traffic captureCOMING SOON
SECURITY: REVIEW / 14 finding(s), 1 high / review material, not a verdict
HIGHTHR-INSTALL-03 / Install-time script execution (npm lifecycle)

"preinstall" runs arbitrary code on every npm install: 'node -e "if (process.env.npm_execpath.indexOf(\'yarn\') === -1) throw new Error(\'Use yarn for installi'

openagent-HEAD/web/package.json
LOWTHR-NET-05 / Hardcoded outbound endpoints

139 non-local endpoint host(s) referenced in code — verify each is expected for this server's purpose: (openagent-HEAD/web/src/SkillEditPage.js:174), 01.ai (openagent-HEAD/web/src/ProviderSetting.js:143), a (openagent-HEAD/swagger/swagger-ui-bundle.js:16), ai.baidu.com (openagent-HEAD/model/context_length_util.go:22), ai.google.dev (openagent-HEAD/model/gemini.go:50), aliyun.com (openagent-HEAD/web/src/ProviderSetting.js:231), ant.design (openagent-HEAD/web/src/shadcnTheme.js:16), api-docs.deepseek.com (openagent-HEAD/model/context_length_util.go:19), api.baichuan-ai.com (openagent-HEAD/model/baichuan.go:82), api.deepseek.com (openagent-HEAD/model/deepseek.go:76), api.example.com (openagent-HEAD/web/src/ProviderSetting.js:1375), api.hunyuan.cloud.tencent.com (openagent-HEAD/model/tencentcloud.go:32), api.jina.ai (openagent-HEAD/embedding/jina.go:65), api.kimi.com (openagent-HEAD/model/moonshot.go:30), api.lingyiwanwu.com (openagent-HEAD/model/yi.go:70)

openagent-HEAD/audio/audio.go:7
MEDIUMTHR-OBF-06 / Obfuscated embedded payload

base64-like blob of 980 chars in a file that also decodes/executes data

openagent-HEAD/swagger/swagger-ui-bundle.js:16
MEDIUMTHR-OBF-06 / Obfuscated embedded payload

base64-like blob of 980 chars in a file that also decodes/executes data

openagent-HEAD/swagger/swagger-ui-es-bundle-core.js:16
MEDIUMTHR-OBF-06 / Obfuscated embedded payload

base64-like blob of 980 chars in a file that also decodes/executes data

openagent-HEAD/swagger/swagger-ui-es-bundle.js:16
MEDIUMTHR-OBF-06 / Obfuscated embedded payload

base64-like blob of 20832 chars in a file that also decodes/executes data

openagent-HEAD/swagger/swagger-ui-standalone-preset.js:16
MEDIUMTHR-OBF-06 / Obfuscated embedded payload

base64-like blob of 980 chars in a file that also decodes/executes data

openagent-HEAD/swagger/swagger-ui.js:16
LOWTHR-OBF-06 / Obfuscated embedded payload

base64-like blob of 700 chars

openagent-HEAD/web/src/ResourceListPage.js:31
MEDIUMTHR-PROMPT-07 / Prompt injection via tool descriptions

3 invisible unicode character(s) (zero-width/soft hyphen) — a known vector for hiding instructions from human review

openagent-HEAD/swagger/swagger-ui-bundle.js:16
MEDIUMTHR-PROMPT-07 / Prompt injection via tool descriptions

3 invisible unicode character(s) (zero-width/soft hyphen) — a known vector for hiding instructions from human review

openagent-HEAD/swagger/swagger-ui-es-bundle-core.js:16
MEDIUMTHR-PROMPT-07 / Prompt injection via tool descriptions

3 invisible unicode character(s) (zero-width/soft hyphen) — a known vector for hiding instructions from human review

openagent-HEAD/swagger/swagger-ui-es-bundle.js:16
MEDIUMTHR-PROMPT-07 / Prompt injection via tool descriptions

2 invisible unicode character(s) (zero-width/soft hyphen) — a known vector for hiding instructions from human review

openagent-HEAD/swagger/swagger-ui-standalone-preset.js:16
MEDIUMTHR-PROMPT-07 / Prompt injection via tool descriptions

3 invisible unicode character(s) (zero-width/soft hyphen) — a known vector for hiding instructions from human review

openagent-HEAD/swagger/swagger-ui.js:16
MEDIUMTHR-PROMPT-07 / Prompt injection via tool descriptions

injection-style phrase in source string: 'do not tell the user'

openagent-HEAD/tool/browser_use.go:1512
VERDICT: INCONCLUSIVESANDBOXED RUN — submitted server executed in a disposable microVM — compatibility not assessable: server never launched: no package.json or pyproject.toml at the repository root — Throne can launch Node (npm/pnpm/yarn) and Python (uv) projects / security: review — 14 finding(s), 1 highsealed by THRONE / No. 300f0452 / 2026-06-12
executed in a disposable microVM, created for this scan and destroyed after it. nothing outlives a run.

maintainer of this server? challenge this record: hello@usethrone.dev. tell us what we got wrong and we re-run it in the open.

this page renders the stored record of a real run. nothing on it is asserted without the execution that proved it.