in-app-ui
Pass
Audited by Gen Agent Trust Hub on Apr 27, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs users to install the official
@knocklabs/reactpackage, which is the legitimate SDK provided by the vendor for React integrations. - [COMMAND_EXECUTION]: The instructions include several Knock CLI (
knock) commands for authentication and resource management. These are standard administrative actions and do not involve suspicious execution patterns or obfuscation. - [CREDENTIALS_UNSAFE]: The skill correctly identifies and handles public API keys (
pk_...), providing explicit warnings to avoid using secret keys in client-side code and recommending secure storage in environment variables. - [SAFE]: The skill's behavior is consistent with its stated purpose of assisting developers with Knock integration, and it includes numerous manual checkpoints requiring user verification of environments and resources.
Audit Metadata