Skills
skills/ascend-ai-coding/awesome-ascend-skills/external-gitcode-ascend-arxiv-recommendation-npu/Gen Agent Trust Hub

external-gitcode-ascend-arxiv-recommendation-npu

Pass

Audited by Gen Agent Trust Hub on May 18, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes several system commands via subprocess.run to perform its tasks:
  • Invokes the deepxiv CLI tool to search and fetch paper details from arXiv in scripts/fetcher.py.
  • Executes git clone to download source code from repositories identified in the papers within scripts/source_detector.py.
  • Uses curl to interact with the GitHub API for counting Python files in remote repositories in scripts/source_detector.py.
  • Runs npu-smi and other diagnostic tools in scripts/check_npu_env.sh to verify the hardware environment.
  • [EXTERNAL_DOWNLOADS]: The skill is designed to automatically download third-party source code from GitHub repositories linked in research papers. It also includes a GITHUB_MIRROR configuration using ghproxy.com in scripts/config.py to facilitate downloads in various network environments.
  • [REMOTE_CODE_EXECUTION]: The skill's primary purpose is to fetch external, untrusted codebases for subsequent NPU adaptation. While it does not directly execute the downloaded code itself, it prepares a migration_task.json and instructs the agent to hand off the code to a separate migration skill for execution and validation.
Audit Metadata
Risk Level
SAFE
Analyzed
May 18, 2026, 07:21 AM
Security Audit — agent-trust-hub — external-gitcode-ascend-arxiv-recommendation-npu