gramio
Pass
Audited by Gen Agent Trust Hub on May 12, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill provides developer tools (under
tools/) for introspecting the local environment (e.g., checking signatures of installed Telegram Bot API methods). These tools operate locally on the user's project and do not perform unauthorized network operations or access sensitive data. - [SAFE]: The username availability checker (
gramio-pick-username/) fetches public data from the officialt.medomain to verify unclaimed handles. It uses a specific, bundled script (check-usernames.mjs) that performs local validation of names before fetching and returns structured JSON for the agent to process, which is the intended and primary function of the sub-skill. - [SAFE]: All referenced external resources and packages are official GramIO libraries or well-known third-party Telegram ecosystem tools. The skill provides clear migration paths from other frameworks.
- [SAFE]: No obfuscation, hardcoded credentials, prompt injection, or unauthorized persistence mechanisms were identified in the analyzed files. Best practices for secret management (using .env files) are encouraged.
Audit Metadata