skills/hkuds/nanobot/skill-creator/Gen Agent Trust Hub

skill-creator

Pass

Audited by Gen Agent Trust Hub on May 16, 2026

Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/init_skill.py performs directory creation and file writing to set up new skill templates based on user-provided names.
  • [COMMAND_EXECUTION]: The script scripts/package_skill.py reads local files and creates a ZIP archive (.skill file) using the standard zipfile module.
  • [SAFE]: The packaging logic in scripts/package_skill.py includes proactive security checks, such as explicitly rejecting symlinks and verifying that all files reside within the skill's root directory, which prevents path traversal attacks during the packaging process.
  • [SAFE]: No network operations, external data exfiltration, or remote code execution patterns were detected. The skill's functionality is entirely focused on local file system management for development workflows.
Audit Metadata
Risk Level
SAFE
Analyzed
May 16, 2026, 12:24 AM
Security Audit — agent-trust-hub — skill-creator