skill-creator
Pass
Audited by Gen Agent Trust Hub on May 4, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the
subprocessandosmodules to automate developer workflows. Specifically: scripts/run_eval.pyusessubprocess.Popento execute theclaudeCLI for trigger evaluation tests.scripts/improve_description.pyinvokesclaude -pto generate optimized skill descriptions.eval-viewer/generate_review.pyrunslsofand usesos.killto manage local network ports for the evaluation viewer server.- These actions are standard for developer tooling and are performed within the local environment context.
- [EXTERNAL_DOWNLOADS]: The
eval-viewer/viewer.htmltemplate references the SheetJS (xlsx) library fromcdn.sheetjs.com. This is a well-known and trusted external service used for processing spreadsheet data within the browser-based results viewer. - [SAFE]: The skill generates temporary markdown files and JSON metadata in
.claude/commands/and specified workspace directories to facilitate testing. This dynamic file creation is necessary for its function as a skill-testing harness and does not exhibit malicious patterns.
Audit Metadata