olares-chart
Pass
Audited by Gen Agent Trust Hub on Jun 14, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill automates the application lifecycle using olares-cli, docker, git, and gh (GitHub CLI). These operations are core to its purpose of scaffolding, building, and deploying containerized applications.
- [EXTERNAL_DOWNLOADS]: Downloads configuration and trusted container images from the beclab organization (e.g., beclab/terminal, beclab/docker, beclab/aboveos-busybox). These are authoritative resources from the skill's authoring vendor.
- [PROMPT_INJECTION]: Features robust safety instructions ('Agent boundaries') in files like olares-chart-paid-apps.md and olares-chart-market-submit.md. These instructions explicitly forbid the agent from handling high-privilege secrets or executing on-chain transactions without the user's direct oversight.
- [DATA_EXFILTRATION]: Performs legitimate network operations to well-known services (Docker Hub, GitHub Container Registry) and the Olares platform backend for the purpose of pushing images and uploading application charts. No unauthorized or suspicious data transmission was detected.
- [CREDENTIALS_UNSAFE]: Appropriately handles platform secrets (like OLARES_USER_OPENAI_APIKEY or HF_TOKEN) by referencing them through the platform's environment variable system (valueFrom) rather than inlining or hardcoding values.
Audit Metadata