Skills
skills/cruldra/skills/xmind-processor/Gen Agent Trust Hub

xmind-processor

Pass

Audited by Gen Agent Trust Hub on Apr 9, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill provides utility scripts for managing XMind mind maps. Analysis of scripts/xmind_utils.py, scripts/create_xmind.py, scripts/insert_topic.py, and scripts/set_background.py shows they perform intended file operations (ZIP manipulation and JSON editing) without malicious behavior.
  • [EXTERNAL_DOWNLOADS]: The skill requires the jsonpath-ng package, which is a legitimate library for JSON path parsing. No other external resources or remote scripts are fetched during execution.
  • [REMOTE_CODE_EXECUTION]: The dynamic import __import__('sys') in scripts/insert_topic.py was investigated and found to be benignly used for error logging to stderr. It does not process untrusted input for module names or facilitate execution of remote content.
  • [DATA_EXFILTRATION]: No network operations, credential harvesting patterns, or attempts to access sensitive system files (such as SSH keys or cloud configuration folders) were identified.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 9, 2026, 07:09 AM