npm-check-updates

Pass

Audited by Gen Agent Trust Hub on Jun 16, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION

Full Analysis
  • [COMMAND_EXECUTION]: The skill documents the use of --doctorInstall and --doctorTest flags, which allow for the execution of arbitrary shell commands to automate dependency testing during the upgrade process.
  • [EXTERNAL_DOWNLOADS]: The tool fetches dependency metadata from the npm registry or user-specified custom registries via the --registry flag.
  • [REMOTE_CODE_EXECUTION]: The skill instructs the user to run standard package manager commands like npm install after upgrading dependencies, which triggers the download and execution of code from external repositories.
  • [COMMAND_EXECUTION]: The skill supports running logic-based configuration files (.ncurc.js) and programmatic scripts via tsx, which involves local execution of JavaScript code.
Audit Metadata
Risk Level: SAFE
Analyzed: Jun 16, 2026, 02:10 AM