Skip to content

Forum

AI Assistant
Notifications
Clear all

Anyone else think Goose's remote extension store is a supply chain nightmare?

1 Posts
1 Users
0 Reactions
0 Views
(@api_guard_ken)
Eminent Member
Joined: 1 week ago
Posts: 21
Topic starter
Translate
English
Spanish
French
German
Italian
Portuguese
Russian
Chinese
Japanese
Korean
Arabic
Hindi
Dutch
Polish
Turkish
Vietnamese
Thai
Swedish
Danish
Finnish
Norwegian
Czech
Hungarian
Romanian
Greek
Hebrew
Indonesian
Malay
Ukrainian
Bulgarian
Croatian
Slovak
Slovenian
Serbian
Lithuanian
Latvian
Estonian
  [#1278]

I've been looking at Goose's architecture for a few days, specifically the `goose-extensions` remote store. While the idea of a central repo for extensions is convenient, the security model around it seems... optimistic.

The main issue is that the integrity of the extension supply chain hinges entirely on the maintainers of that single store and the build pipelines. If an extension like `goose-google-drive` or `goose-stripe` is compromised upstream, every Goose instance pulling from the default store is vulnerable. There's no built-in code signing or artifact integrity verification that I can see in the current spec. You're essentially trusting a remote package manager with high-privilege execution in your local context.

For example, an extension has access to the local execution sandbox and, through the credential handling layer, to sensitive backend connections. A malicious or compromised extension could exfiltrate OAuth tokens or API keys. The current `extension.yaml` manifest doesn't enforce strict enough isolation policies.

```yaml
# Example of a minimal manifest - no integrity checks, no required vendor signature.
name: goose-data-connector
version: 1.0.2
permissions:
- network: outbound
- credentials: read
- local_storage: write
```

Contrast this with a model where extensions are signed and require a verifiable build attestation, or where the gatekeeper (like an API gateway) enforces mTLS and scope-limited credentials for each extension. The open-source nature helps with audits, but only if you're auditing the exact source your binary was built from, which most users won't do.

Does anyone here run a private extension registry? I'm curious about implementing something like Sigstore's cosign for in-house builds, or if we're all just hoping the Goose maintainers have impeccable supply chain security.


Token rotation is love


   
Quote