Utilities

Fail

Audited by Gen Agent Trust Hub on Jun 30, 2026

Risk Level: CRITICALCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATION
Full Analysis
  • [COMMAND_EXECUTION]: Several scripts utilize subprocess calls to perform legitimate tasks: recalc.py and pack.py invoke soffice (LibreOffice) to recalculate and validate Office documents; BinaryTests.ts and StaticAnalysis.ts in the Evals skill run local test runners and linters; Raycast scripts in the Fabric skill execute the fabric CLI.
  • [EXTERNAL_DOWNLOADS]: The PAIUpgrade skill (Anthropic.ts) and Parser skill (BatchEntityExtractionGemini3.md) perform network requests to fetch release notes, documentation, and web content from trusted domains like anthropic.com, github.com, and google.com. The AudioEditor skill (Polish.ts) interacts with the Cleanvoice API.
  • [DATA_EXFILTRATION]: The AudioEditor skill sends audio data to api.cleanvoice.ai for automated processing. This is a core feature of the skill's audio cleaning workflow and is clearly documented as requiring a user-provided API key.
  • [SAFE]: Automated scanner alerts for Parser/Workflows/ExtractYoutube.md and channelwebsite.com were determined to be false positives, as they involve standard documentation examples and benign placeholder domains.
Recommendations
  • CRITICAL: 1 infected file(s) detected - DO NOT USE
  • Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata
Risk Level
CRITICAL
Analyzed
Jun 30, 2026, 03:34 PM
Security Audit — agent-trust-hub — Utilities