when-detecting-fake-code-use-theater-detection

Pass

Audited by Gen Agent Trust Hub on Jun 26, 2026

Risk Level: SAFECOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses various shell commands including grep for pattern matching, sed for automated code remediation, and npm for running tests and installing dependencies.
  • [DYNAMIC_EXECUTION]: The skill generates several internal JavaScript scripts (scan-imports.js, analyze-implementation.js, etc.) using shell redirection and executes them via node to perform complex analysis logic.
  • [REMOTE_CODE_EXECUTION]: During the execution validation phase, the skill uses the require() function to dynamically load and execute modules from the codebase being scanned to verify if they provide meaningful output.
  • [EXTERNAL_DOWNLOADS]: The skill instructs the environment to install the claude-flow package from the official NPM registry as its primary execution engine.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 26, 2026, 03:21 AM
Security Audit — agent-trust-hub — when-detecting-fake-code-use-theater-detection