keyapi-pinterest-analysis
Pass
Audited by Gen Agent Trust Hub on Mar 24, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No security issues were detected. The skill is designed to perform Pinterest data analysis as described in the documentation.
- [COMMAND_EXECUTION]: The skill uses a local Node.js script to communicate with the KeyAPI MCP server. This script is restricted to executing pre-defined tools and does not provide an interface for arbitrary command execution.
- [EXTERNAL_DOWNLOADS]: The skill depends on the official @modelcontextprotocol/sdk, which is retrieved from the public npm registry. No untrusted or suspicious remote scripts are downloaded.
- [DATA_EXFILTRATION]: Network communication is limited to the vendor's official API endpoint (mcp.keyapi.ai) for the purpose of retrieving user-requested Pinterest data. There is no evidence of unauthorized data transmission.
- [SAFE]: Secret management is implemented correctly, utilizing environment variables and local environment files (.env) to store the required API token without hardcoding sensitive values.
Audit Metadata