ai-video-calls-tavus
Pass
Audited by Gen Agent Trust Hub on Jul 2, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes shell commands for configuration and API interaction.
- Uses
python3 -cto extract theapi_keyfrom a local JSON file at~/.gooseworks/credentials.json. - Uses
curlto make POST requests to the Tavus API proxy atapi.gooseworks.ai. - [EXTERNAL_DOWNLOADS]: The skill utilizes external package runners for setup.
- Suggests running
npx gooseworks loginto authenticate. - Uses
npx goose-skills installfor skill installation. - [DATA_EXFILTRATION]: The skill accesses local credentials to authenticate with the vendor's service.
- Reads credentials from the file path
~/.gooseworks/credentials.json. - Transmits the extracted
api_keytoapi.gooseworks.aivia the Authorization header as part of the intended authentication flow.
Audit Metadata