profile-use

Pass

Audited by Gen Agent Trust Hub on Jun 30, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill implements a robust 'redaction-by-default' architecture where personal data is masked in logs and agent context, only revealing raw values at the moment of form entry.
  • [SAFE]: Data is stored locally in the user's home directory or iCloud Drive with strict 0600 file permissions, ensuring no data touches external servers or the chat history unless explicitly required.
  • [EXTERNAL_DOWNLOADS]: The skill references a shell script hosted on the author's GitHub repository (https://raw.githubusercontent.com/leeguooooo/profile-use/main/install-app.sh).
  • [TRUST-SCOPE-RULE]: This download is used to install a native macOS GUI for the skill and is documented as a legitimate part of the installation process for this author's toolset.
  • [COMMAND_EXECUTION]: The Python script and Swift app execute shell commands to interact with rbw (a Bitwarden CLI) and perform file operations.
  • These operations are used strictly for local vault access and profile management, following the principle of least privilege.
  • [CREDENTIALS_SAFE]: Password management is handled through a Bitwarden/Vaultwarden integration (rbw). The skill never asks for or stores the master password, requiring the user to unlock the vault themselves in their own terminal environment.
  • [DATA_EXFILTRATION]: No network exfiltration patterns were detected. The scripts contain no networking code (curl/requests) except for the installation script mentioned above.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 30, 2026, 02:01 PM
Security Audit — agent-trust-hub — profile-use