yandex-webmaster
Pass
Audited by Gen Agent Trust Hub on Apr 10, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill uses shell scripts to perform API calls via
curl. These scripts are well-structured, use standard POSIX utilities, and are intended for execution by the AI agent to fulfill user requests. - [CREDENTIALS_UNSAFE]: The skill handles authentication via a Yandex OAuth token. It follows best practices by instructing users to store the token in a
.envfile rather than hardcoding it. - [EXTERNAL_DOWNLOADS]: All network operations are directed to official Yandex API endpoints (
api.webmaster.yandex.netandapi.webmaster.yandex.net:443). No unauthorized data exfiltration or third-party downloads were detected. - [SAFE]: Static detection warnings about homoglyphs in
config/README.mdwere investigated and found to be false positives. The flagged URLs contain standard Cyrillic placeholders (e.g., 'ВАШ_CLIENT_ID') used in the Russian-language documentation to guide the user on where to insert their specific credentials.
Audit Metadata