supply-chain-defense
Pass
Audited by Gen Agent Trust Hub on Jul 4, 2026
Risk Level: SAFEREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [REMOTE_CODE_EXECUTION]: The automated detection of shell-piped download commands (e.g.,
curl | sh) is triggered by strings present in thetests/run.shscript. These strings are used as test fixtures to create temporary files that verify the effectiveness of the skill's security auditing tools. - [COMMAND_EXECUTION]: The skill extensively uses shell commands and Python's
subprocessmodule to perform its primary auditing functions, such as scanning the filesystem for configuration drift, monitoring network connections on Windows, and performing local package inventory scans. - [EXTERNAL_DOWNLOADS]: The scripts perform network requests to well-known technology services, including public registries like npm and PyPI, as well as RDAP services. These requests are used to check package metadata, verify release age, and validate domain registration dates for security purposes.
- [DATA_EXFILTRATION]: Behavioral scanning logic within
scripts/postinstall-audit.pycontains regex patterns identifying common exfiltration endpoints (e.g., Discord webhooks, webhook.site) and sensitive file paths. These patterns are utilized exclusively as detection signatures to alert the user of potential malicious behavior in third-party packages.
Audit Metadata