Skip to content
ai-supply.store
探すカテゴリランキングコミュニティAgent APIFAQ
サインイン無料登録
catalog / Orchestration / Marvin
⌬WorkflowOrchestrationFree

Marvin

Prefect's Python library for building reliable AI functions, tasks, and workflow orchestration.

@ai-supply
インストール数7.8k
↗ ソースリポジトリ
← More OrchestrationOrchestration leaderboard →How we grade security →Source ↗

Marvin

Marvin is an 'ambient intelligence' library from Prefect for building reliable AI workflows and applications in Python.

It provides high-level building blocks — AI functions, structured classification/extraction, and task and agent orchestration — that turn LLM calls into typed, composable steps you can drop into normal code.

Apache-2.0 licensed; oriented toward developers who want to orchestrate LLM-powered tasks with the ergonomics of ordinary functions.

Rating rank
#1
of 16 in Orchestration
Install rank
#13
of 16 in Orchestration
Security score
75/100 · B
review
Security rank
#4
of 16 in Orchestration
Installs
7.8k
cat avg 126k
This listing vs category average
Installs
this
cat avg
Security (of 100)
this
cat avg
Adoption trend
See the Orchestration leaderboard →
! Security: Review · 7575/100 · grade Bscanned 15h ago
✓ no compromise signals15 risk-surface · 10/20 OWASP controls flagged

Compromise signals — malicious or tampered code (leaked secrets, backdoors, a dropped executable) — reduce the score, and known dependency CVEs carry a bounded penalty (they warrant review but never QUARANTINE — update the dependency to clear). Other dangerous-by-capability traits are risk surface, expected for some capabilities. Every finding is mapped to its OWASP control below.

What this capability can do · high confidence (static)
Tools (4)
get_the_value_of_schleebwrite_a_goose_horror_storyinspect_this_serverhello_world
⚑ filesystem⚑ shell⚑ network⚑ secrets
egress → docs.github.com, pypi.org, ai.pydantic.dev, controlflow.ai, mintlify.com, platform.openai.com, discord.gg, communityinviter.com +31
36 steps⚑ uses secretsactions/checkout@v4google-github-actions/auth@v2google-github-actions/deploy-cloudrun@v2docs.github.comactions/labeler@v5astral-sh/setup-uv@v3astral-sh/setup-uv@v5github.com

Findings mapped to the OWASP Top 10 for LLM Applications (2025) and the OWASP Machine Learning Security Top 10. Expand any flagged control for the exact findings — compromise reduces the score; expected/risk-surface do not.

OWASP Top 10 for LLM Applications
⚠LLM03Supply Chaincritical
Vulnerable/compromised dependencies, models or archives in the artifact.
•Vulnerable dependencies — 159 known vulnerabilities in: aiohttp@3.13.1, authlib@1.6.5, chromadb@1.2.1, cryptography@45.0.7, diskcache@5.6.3, fastmcp@3.0.0b2.dev20+b77484e1, filelock@3.20.0, gitpython@3.1.45 (CWE-1395)known CVE · -25 pts
⚠LLM01Prompt Injectionhigh
Adversarial instructions embedded in an artifact that hijack a downstream LLM.
•Prompt-injection phrasing — instruction-subversion language detected · PrefectHQ-marvin-7c3e20a/src/marvin/templates/system.jinja (CWE-77)expected
⚠LLM02Sensitive Information Disclosurehigh
Secrets, credentials or PII shipped inside the artifact.
•Embedded credentials — found: DB connection string with credentials · PrefectHQ-marvin-7c3e20a/docs/patterns/memory.mdx (CWE-798)expected
•Embedded credentials — found: hardcoded credential · PrefectHQ-marvin-7c3e20a/docs/patterns/task-results.mdx (CWE-798)expected
⚠LLM05Improper Output Handlinghigh
Code that pipes model/user output into shell, eval, SQL or paths unsafely.
•Suspicious code patterns — OS command execution · PrefectHQ-marvin-7c3e20a/README.md (CWE-78)expected
•Suspicious code patterns — dynamic code execution · PrefectHQ-marvin-7c3e20a/examples/english_to_schema.py (CWE-95)expected
•Suspicious code patterns — destructive rm -rf /; pipe-to-shell install · PrefectHQ-marvin-7c3e20a/examples/slackbot/Dockerfile.slackbot (CWE-78)expected
•Suspicious code patterns — pipe-to-shell install · PrefectHQ-marvin-7c3e20a/examples/you_have_been_goosed/README.md (CWE-494)expected
⚠LLM07System Prompt Leakagehigh
Secrets, internal hosts or proprietary logic exposed in shipped prompts.
•Internal host / private infrastructure reference — shipped content references a private IP range or internal-only host · PrefectHQ-marvin-7c3e20a/README.md (CWE-200)risk surface
•Embedded credentials — found: DB connection string with credentials · PrefectHQ-marvin-7c3e20a/docs/patterns/memory.mdx (CWE-798)expected
•Embedded credentials — found: hardcoded credential · PrefectHQ-marvin-7c3e20a/docs/patterns/task-results.mdx (CWE-798)expected
⚠LLM10Unbounded Consumptionmedium
Unbounded loops/recursion causing DoS or runaway cost.
Enforced at runtime by the gateway (rate limits + spend caps + size caps); static check flags unbounded loops.
•Potentially unbounded loop — an infinite loop (while True / while(1) / for(;;)) may cause runaway consumption · PrefectHQ-marvin-7c3e20a/docs/guides/building-a-chatbot.mdx (CWE-835)risk surface
⚠LLM06Excessive Agencylow
Over-broad tool/permission surface or unrestricted egress.
•External endpoints declared — 1 distinct host(s) · PrefectHQ-marvin-7c3e20a/.github/workflows/image-build-and-push-community.yamlexpected
•Broad capability surface — 3 high-impact capability categories referenced — verify least-privilege · PrefectHQ-marvin-7c3e20a/README.md (CWE-272)risk surface
•External endpoints declared — 4 distinct host(s) · PrefectHQ-marvin-7c3e20a/README.mdexpected
•External endpoints declared — 3 distinct host(s) · PrefectHQ-marvin-7c3e20a/docs/docs.jsonexpected
•External endpoints declared — 2 distinct host(s) · PrefectHQ-marvin-7c3e20a/docs/guides/database-migrations.mdxexpected
§LLM09MisinformationGovernance
Artifacts designed to produce false/deceptive output.
Detectable only by runtime behavioral evaluation; addressed via responsible-use attestation.
✓LLM04Data and Model PoisoningPassed
Backdoors/poisoning in training data or serialized models.
Behavioral poisoning needs model execution; static check covers unsafe serialization + dataset skew only.
✓LLM08Vector and Embedding WeaknessesPassed
PII or plaintext source leakage in embedding/vector exports.
Embedding inversion/poisoning is largely runtime; static check covers PII in vector exports.
OWASP Machine Learning Security Top 10
⚠ML06AI Supply Chaincritical
Compromised PyPI/npm packages, typosquats, unsafe serialized models.
•Vulnerable dependencies — 159 known vulnerabilities in: aiohttp@3.13.1, authlib@1.6.5, chromadb@1.2.1, cryptography@45.0.7, diskcache@5.6.3, fastmcp@3.0.0b2.dev20+b77484e1, filelock@3.20.0, gitpython@3.1.45 (CWE-1395)known CVE · -25 pts
⚠ML02Data Poisoninghigh
Poisoned training datasets with triggers or anomalous distributions.
Static check covers trigger phrasing, PII and label skew; full poisoning detection is runtime.
•Prompt-injection phrasing — instruction-subversion language detected · PrefectHQ-marvin-7c3e20a/src/marvin/templates/system.jinja (CWE-77)expected
⚠ML09Output Integrityhigh
Middleware tampering with model outputs in transit.
Gateway enforces TLS + response integrity; static check flags output-rewriting code.
•Suspicious code patterns — OS command execution · PrefectHQ-marvin-7c3e20a/README.md (CWE-78)expected
•Suspicious code patterns — dynamic code execution · PrefectHQ-marvin-7c3e20a/examples/english_to_schema.py (CWE-95)expected
•Suspicious code patterns — destructive rm -rf /; pipe-to-shell install · PrefectHQ-marvin-7c3e20a/examples/slackbot/Dockerfile.slackbot (CWE-78)expected
•Suspicious code patterns — pipe-to-shell install · PrefectHQ-marvin-7c3e20a/examples/you_have_been_goosed/README.md (CWE-494)expected
§ML01Input Manipulation (Adversarial)Governance
Models vulnerable to adversarial perturbations.
Requires runtime robustness evaluation; addressed via publisher robustness attestation.
§ML03Model InversionGovernance
Training data reconstructable from a model's outputs.
Runtime/evaluation property; addressed via model-card data-provenance + DP attestation.
§ML04Membership InferenceGovernance
Determining whether a record was in the training set.
Runtime/evaluation property; addressed via overfitting disclosure + DP attestation.
§ML08Model SkewingGovernance
Models trained on skewed data producing biased output.
Requires fairness evaluation; addressed via model-card bias/limitations disclosure.
✓ML05Model TheftPassed
Unlicensed re-distribution / license-incompatible derivatives.
Static check verifies license declaration; extraction throttling is runtime.
✓ML07Transfer Learning AttackPassed
Backdoored base models / LoRA adapters propagating to derivatives.
Backdoor detection needs behavioral probing; static check covers unsafe serialization + provenance.
✓ML10Model Poisoning (Weights)Passed
Tampered model weight files; integrity must be verifiable.
Static check enforces safe formats + records a content hash for downstream verification.
Other findings (8) · hygiene / uncategorized
•Unrecognized file type — '.gitignore' is not on the allowlist · PrefectHQ-marvin-7c3e20a/.gitignorerisk surface
•Unrecognized file type — '.?' is not on the allowlist · PrefectHQ-marvin-7c3e20a/LICENSErisk surface
•Unrecognized file type — '.ini' is not on the allowlist · PrefectHQ-marvin-7c3e20a/alembic.inirisk surface
•Unrecognized file type — '.mdx' is not on the allowlist · PrefectHQ-marvin-7c3e20a/docs/api-reference/marvin-agents-actor.mdxrisk surface
•Unrecognized file type — '.dockerignore' is not on the allowlist · PrefectHQ-marvin-7c3e20a/examples/slackbot/.dockerignorerisk surface
•Unrecognized file type — '.slackbot' is not on the allowlist · PrefectHQ-marvin-7c3e20a/examples/slackbot/Dockerfile.slackbotrisk surface
•Unrecognized file type — '.mako' is not on the allowlist · PrefectHQ-marvin-7c3e20a/migrations/script.py.makorisk surface
•Unrecognized file type — '.jinja' is not on the allowlist · PrefectHQ-marvin-7c3e20a/src/marvin/templates/agent.jinjarisk surface
✔ verified source · pinned PrefectHQ-marvin-7c3e20a
Check against a policy

The same gate an agent runs before installing (POST /api/v1/trust/marvin-ai/check). Click a policy:

Consume Marvin programmatically. Authenticate with an API key or session — see Authorize an agent.

# Agents: CHECK BEFORE YOU INSTALL (no auth) — score, grade, level, capability manifest
curl https://ai-supply.store/api/v1/trust/marvin-ai

# Gate against your org policy (returns { pass, violations })
curl -X POST https://ai-supply.store/api/v1/trust/marvin-ai/check \
  -H "Content-Type: application/json" \
  -d '{"minGrade":"B","denyPermissions":["shell"],"denyUnknownEgress":true}'

# CLI
npx ai-supply add marvin-ai

# REST (install → download)
curl -X POST https://ai-supply.store/api/v1/listings/marvin-ai/install \
  -H "Authorization: Bearer $AIM_KEY"

# MCP tool
install_listing({ "slug": "marvin-ai" })
OpenAPI spec →
vlatest
! Security: Review · 7517h ago

Curated mirror — latest upstream source. See the repository for tagged releases.

Sign in and install this listing to leave a review.

More from @ai-supply

View profile →
◉Agent
MetaGPT
Multi-agent framework that assigns GPT roles (PM, engineer, QA) to solve complex software tasks end-to-end.
↓ 1.0M
⇄Connector
vLLM
High-throughput, memory-efficient LLM inference engine with PagedAttention and continuous batching.
↓ 892k
⇄Connector
Meilisearch
Lightning-fast open-source search engine with typo-tolerance, semantic hybrid search, and sub-50ms response times.
↓ 811k
△Eval
Weights & Biases (wandb)
ML experiment tracking and visualization — log metrics, hyperparameters, models, and media in real time.
↓ 784k
ai-supply.store

無料でセキュリティ監査済みのAI機能。スキル、MCP、プラグイン、agent、データセットまで、一つひとつをスコアリングし鮮度も追跡。人にもagentにも使えるように設計されています。

api · v3.1status · all green
お問い合わせ
support@ai-supply.storesecurity@ai-supply.store
カタログ
  • 探す
  • カテゴリ
  • ランキング
  • ベンチマーク
  • セキュリティ
コミュニティ
  • コミュニティ
  • FAQ
エージェント向け
  • クイックスタート (60s)
  • エージェントを認可
  • Agent API
  • OpenAPI 仕様
ビルダー向け
  • 公開する
  • ダッシュボード
アカウント
  • アカウント作成
  • サインイン
  • 設定
法的情報
  • 利用規約
  • パブリッシャー契約
  • 利用規定
  • プライバシーポリシー