supply-chain-defense

Pass

Audited by Gen Agent Trust Hub on Jul 4, 2026

Risk Level: SAFEREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The automated detection of shell-piped download commands (e.g., curl | sh) is triggered by strings present in the tests/run.sh script. These strings are used as test fixtures to create temporary files that verify the effectiveness of the skill's security auditing tools.
  • [COMMAND_EXECUTION]: The skill extensively uses shell commands and Python's subprocess module to perform its primary auditing functions, such as scanning the filesystem for configuration drift, monitoring network connections on Windows, and performing local package inventory scans.
  • [EXTERNAL_DOWNLOADS]: The scripts perform network requests to well-known technology services, including public registries like npm and PyPI, as well as RDAP services. These requests are used to check package metadata, verify release age, and validate domain registration dates for security purposes.
  • [DATA_EXFILTRATION]: Behavioral scanning logic within scripts/postinstall-audit.py contains regex patterns identifying common exfiltration endpoints (e.g., Discord webhooks, webhook.site) and sensitive file paths. These patterns are utilized exclusively as detection signatures to alert the user of potential malicious behavior in third-party packages.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 4, 2026, 07:00 PM
Security Audit — agent-trust-hub — supply-chain-defense