javascript-sdk
Pass
Audited by Gen Agent Trust Hub on Jun 14, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill provides developer documentation and code examples for the inference.sh SDK, covering installation via npm, yarn, and pnpm.
- [SAFE]: Security best practices are emphasized throughout, such as using server proxies in Next.js, Express, and other frameworks to keep API keys on the server and out of client-side code.
- [SAFE]: The documentation includes explicit patterns for human-in-the-loop approval (using the 'requireApproval' method) to ensure sensitive tool operations are reviewed by users before execution.
- [SAFE]: File system access (e.g., using 'fs.readFileSync' and 'fs.writeFileSync') is demonstrated for legitimate application features like uploading media or persisting conversation history locally.
- [SAFE]: Network requests are directed toward the platform's own domain (inference.sh) or well-known third-party services like Google and Tavily to support the SDK's primary functionality.
- [SAFE]: Authentication examples use safe practices, directing users to use environment variables (process.env.INFERENCE_API_KEY) or non-functional placeholders ('inf_your_key').
Audit Metadata