cmux-diagnostics
Pass
Audited by Gen Agent Trust Hub on Jun 20, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is designed for system diagnostics and health checks. It follows security best practices by defaulting to read-only operations and explicitly instructing the agent to avoid dumping sensitive information such as tokens, API keys, or full configuration file contents.
- [COMMAND_EXECUTION]: The diagnostic script executes several local commands including
cmux,stat,grep, andwc. These are standard tools used for checking system state, file metadata, and the presence of specific configuration markers without exposing the raw data itself. - [DATA_EXFILTRATION]: While the skill accesses various configuration paths (e.g.,
~/.config/cmux/,~/.codex/hooks.json), it only reports on file existence, size, modification times, and the presence of specific strings. It implements asafe_pathfunction to redact the local user's home directory path from reports, reducing metadata leakage.
Audit Metadata