Skills
skills/coinbase/cds/skill-creator/Gen Agent Trust Hub

skill-creator

Pass

Audited by Gen Agent Trust Hub on Apr 13, 2026

Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses subprocess.run and subprocess.Popen in several scripts (eval-viewer/generate_review.py, scripts/improve_description.py, scripts/run_eval.py, scripts/run_loop.py) to execute system commands such as claude -p, lsof, and kill. These are integral to the skill's purpose of automating skill testing and management within the Claude environment and do not pose a risk beyond the intended functionality.
  • [EXTERNAL_DOWNLOADS]: The eval-viewer/viewer.html file includes the SheetJS library via cdn.sheetjs.com and Google Fonts via fonts.googleapis.com. These are well-known, trusted CDN services used for rendering spreadsheets and styling the review interface.
  • [SAFE]: The skill is authored by 'coinbase', and all internal script logic corresponds to the claimed functionality of a 'Skill Creator'. No data exfiltration or persistence mechanisms were detected.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 13, 2026, 02:33 AM