univer-plugin-dev

Pass

Audited by Gen Agent Trust Hub on Jun 24, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill includes a local utility script scripts/scaffold-plugin.ts intended to generate a project structure (boilerplate files) on the user's local filesystem. The script uses standard Node.js fs and path modules to create directories and write template files based on a user-provided name and path. No malicious command execution or path traversal risks were found.
  • [EXTERNAL_DOWNLOADS]: The skill references standard package installation via npx for executing its internal scaffolding script. It also lists official @univerjs peer dependencies. All external references point to legitimate ecosystem components.
  • [DATA_EXPOSURE]: No hardcoded credentials, sensitive file paths, or unauthorized network communication patterns were detected.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 24, 2026, 03:15 AM
Security Audit — agent-trust-hub — univer-plugin-dev