loom-dependency-scan

Pass

Audited by Gen Agent Trust Hub on Apr 23, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill leverages the Bash tool to execute various package manager security commands such as npm audit, pip-audit, cargo audit, and govulncheck. It also utilizes specialized scanners like trivy, syft, and license-checker to perform its stated purpose of dependency analysis.
  • [EXTERNAL_DOWNLOADS]: Instructions include the installation of utility packages from official package registries (NPM, PyPI, Cargo) to support SBOM generation and license checking. Examples include @cyclonedx/cyclonedx-npm, cargo-cyclonedx, and cyclonedx-py. These are well-known community tools for software supply chain security.
  • [SAFE]: The skill follows security best practices by recommending the use of lockfiles, verifying sources, and utilizing established tools from trusted providers like Snyk and Aqua Security. The GitHub Actions examples reference official repositories from well-known organizations.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 23, 2026, 11:40 AM