Skills
skills/cline/skills/skill-creator/Gen Agent Trust Hub

skill-creator

Pass

Audited by Gen Agent Trust Hub on Jun 19, 2026

Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill relies on local command execution to perform evaluations and manage its user interface. It calls the claude CLI tool via subprocess to test skill triggering and uses standard system utilities like lsof and kill to manage the local review server.
  • [COMMAND_EXECUTION]: The script scripts/run_eval.py creates temporary command files in .claude/commands/ to simulate skill installation for testing purposes. These files are removed immediately after the evaluation run.
  • [SAFE]: The skill initiates a local HTTP server on 127.0.0.1:3117 to display evaluation results. This server is restricted to the local loopback interface and is used solely for qualitative human review of generated outputs.
  • [SAFE]: External dependencies are restricted to well-known technology providers. The review interface fetches the SheetJS library from a public CDN to render spreadsheet files and uses Google Fonts for styling.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 19, 2026, 08:07 AM
Security Audit — agent-trust-hub — skill-creator