huawei-cloud-find-skills

Pass

Audited by Gen Agent Trust Hub on Jun 13, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, REMOTE_CODE_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill fetches documentation (SKILL.md) and configuration data from Huawei Cloud's official GitHub organization repositories via raw.githubusercontent.com. This is a legitimate functional requirement for a discovery tool to provide up-to-date information on available skills.
  • [COMMAND_EXECUTION]: The skill executes local search scripts (scripts/search-skills.sh and scripts/search-skills.ps1) to parse the included index. These scripts handle user-supplied search keywords safely by utilizing standard JSON processing utilities such as jq in Bash and ConvertFrom-Json in PowerShell, preventing common command injection vectors.
  • [REMOTE_CODE_EXECUTION]: The skill provides instructions for the agent to install additional components using npx for the skills and clawhub packages. These operations target the vendor's own official repositories on GitHub and GitCode to provision specific agent capabilities requested by the user, which is consistent with the skill's primary purpose.
Audit Metadata
Risk Level: SAFE
Analyzed: Jun 13, 2026, 01:19 AM
Security Audit — agent-trust-hub — huawei-cloud-find-skills