Can Agents Have Their Own App Store? SJTU & OPPO Unveil a Massive Agent Ecosystem

Evolution of Agent Services

Multimodal large language models have driven agent services from a single‑assistant stage, through multi‑agent systems, to a massive‑agent ecosystem. The authors identify three emerging challenges in this ecosystem:

Non‑personalized experience : agents provide generic services and cannot capture implicit user preferences such as dietary habits.

Lack of standardization : heterogeneous protocols make it difficult for users to invoke agents and create pricing chaos for enterprises.

Untrustworthy behavior : malicious developers may embed trojans, while malicious users could weaponize agents for attacks.

ColorEcosystem Blueprint

The proposed solution consists of three interlocking pillars: Agent Carrier, Agent Store, and Agent Audit.

1. Agent Carrier – Personalized Digital Twin

Each user owns a Carrier that stores authorized personal data and memories. The Carrier enables two core mechanisms:

Self‑selection of agents : users download only the agents they need from the Store, analogous to installing apps on a phone. The Carrier therefore contains a subset of all available agents.

Digital twin access to user data : users grant the Carrier access to selected data (e.g., historical trajectories, search logs, preferences). When an agent is invoked, the Carrier supplies this context so the agent can act in alignment with the user’s intent.

Example: User Alice’s Carrier can communicate with Bob’s Carrier via the agent protocol, enabling peer‑to‑peer interaction. When Alice selects a restaurant‑recommendation agent, the Carrier supplies her taste preferences, allowing the agent to generate a personalized recommendation.

2. Agent Store – Standardized "App Store" for Agents

Developers publish audited agents to the Store in a uniform format. The Store provides:

Cross‑model, cross‑platform uniformity, allowing private domain models to be integrated.

A user‑mind‑driven recommendation engine that matches agents to individual goals and long‑term user profiles, reducing selection cost and improving satisfaction.

Comparison: unlike existing platforms such as Coze or GPT Store, ColorEcosystem aims for stronger extensibility and on‑device, risk‑free execution.

Agents are expected to operate autonomously after receiving user commands, eventually making traditional GUI‑based applications unnecessary.

3. Agent Audit – Bidirectional Safety Net

All agents must pass a two‑sided audit before entering the Store:

Developer side :

Security audit checks for vulnerabilities, malicious code, or backdoors.

Information audit verifies that the agent includes complete usage instructions and developer contact information.

User side :

Behavior audit ensures users do not misuse agents for harmful activities.

Content audit filters generated outputs to exclude defamation, discrimination, violence, pornography, or other undesirable content.

Both audits are enforced in a sandboxed execution environment. The sandbox simulates realistic but isolated scenarios, actively triggers diverse functional paths, and monitors system calls, resource access, and data handling. Only agents that pass these dynamic tests receive a trust endorsement and can be deployed to the production environment.

Transition Measures

Recognizing that a fully mature ecosystem cannot be built instantly, the authors propose interim solutions:

Deploy GUI agents in the Store to cover devices lacking native API support. GUI agents analyze screen content and user commands to simulate human interactions (click, input, swipe), offering broad device compatibility at the cost of higher latency.

Leverage existing behavior‑based regulation mechanisms as a low‑cost, interim audit layer, acknowledging their inherent latency but noting their scalability for massive agent populations.

Form decentralized audit alliances (e.g., consortium‑based blockchain audit) as a bridge toward future centralized audit frameworks.

Introduce a token‑based payment model that incentivizes transaction‑driven developers and increases exposure for open‑source contributors.

Key Takeaways

ColorEcosystem separates personalization (Carrier), market distribution (Store), and security governance (Audit) to define the foundational rules of a forthcoming "agent internet." By keeping personal data on the user side, standardizing agent publication, and enforcing rigorous bidirectional audits, the blueprint aims to unlock substantial technical and commercial value as agent services mature.

Paper: https://arxiv.org/abs/2510.21566

Code: https://github.com/opas-lab/color-ecosystem