locomotive-scroll
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The
assets/starter_locomotive/main.jsfile imports the Locomotive Scroll library from the Skypack CDN (https://cdn.skypack.dev/locomotive-scroll@4). Skypack is a well-known service for delivering npm packages, and this usage is consistent with standard front-end development practices. - [COMMAND_EXECUTION]: The skill contains Python utility scripts (
scripts/generate_config.pyandscripts/integration_helper.py) designed to help users generate configuration files. These scripts utilize standard library modules to take user input and write generated code to local files (.js,.html,.json). These operations are transparent, intentional, and restricted to the local environment. - [SAFE]: The skill's dependencies, as defined in
package.json, consist of the reputablelocomotive-scrollandvitepackages. The technical documentation and guides follow best practices, including advice on performance optimization and accessibility considerations such asprefers-reduced-motiondetection.
Audit Metadata