auto-skill

Pass

Audited by Gen Agent Trust Hub on May 18, 2026

Risk Level: SAFECOMMAND_EXECUTIONREMOTE_CODE_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses shell commands to manage its state and track session activity. It creates and removes marker files in ~/.claude/ and .claude/ to handle global and project-specific toggles. It also performs local file system audits of existing skills to prevent duplicate creation.
  • [REMOTE_CODE_EXECUTION]: The skill provides two bash scripts (evaluate.sh and track-tools.sh) that the user is instructed to register as Stop and PostToolUse hooks in the agent's configuration. These scripts execute locally on the host machine to automate session analysis. The scripts are transparent, human-readable, and perform only the documented tracking and logging functions.
  • [DATA_EXPOSURE]: It maintains a local log file (~/.claude/auto-skill/pending.log) containing session metadata, working directory paths, and tool usage statistics. This data remains on the local file system and is used to surface suggestions to the user during session synchronization.
Audit Metadata
Risk Level
SAFE
Analyzed
May 18, 2026, 04:51 PM
Security Audit — agent-trust-hub — auto-skill