excalidraw
Pass
Audited by Gen Agent Trust Hub on Apr 16, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill documentation recommends installing the 'lz-string' package via npm. This is a well-known library required for the Excalidraw compression format for Obsidian.
- [COMMAND_EXECUTION]: The instructions involve running a Node.js script locally to generate diagram files in an Obsidian vault. This is a standard workflow for a diagram-generation utility.
- [SAFE]: Static detection of homoglyphs in 'SKILL.md' is a false positive caused by the legitimate use of Russian characters in filenames and deep links (e.g., 'Название.excalidraw.md') within the Russian-language context of the skill.
- [SAFE]: The use of Base64-encoded compressed JSON is a functional requirement of the target Obsidian Excalidraw plugin for data serialization and does not constitute a malicious obfuscation attempt.
Audit Metadata