ai-video-calls-tavus

Pass

Audited by Gen Agent Trust Hub on Jul 2, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes shell commands for configuration and API interaction.
  • Uses python3 -c to extract the api_key from a local JSON file at ~/.gooseworks/credentials.json.
  • Uses curl to make POST requests to the Tavus API proxy at api.gooseworks.ai.
  • [EXTERNAL_DOWNLOADS]: The skill utilizes external package runners for setup.
  • Suggests running npx gooseworks login to authenticate.
  • Uses npx goose-skills install for skill installation.
  • [DATA_EXFILTRATION]: The skill accesses local credentials to authenticate with the vendor's service.
  • Reads credentials from the file path ~/.gooseworks/credentials.json.
  • Transmits the extracted api_key to api.gooseworks.ai via the Authorization header as part of the intended authentication flow.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 2, 2026, 06:18 AM
Security Audit — agent-trust-hub — ai-video-calls-tavus