ljg-push
Pass
Audited by Gen Agent Trust Hub on May 18, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a bash script (Push.sh) that utilizes standard system utilities including git, rsync, sed, grep, and find to manage and synchronize files within the user's home directory.- [EXTERNAL_DOWNLOADS]: The script automatically clones a specific repository from GitHub (github.com/lijigang/ljg-skills) if it is missing from the local workspace.- [DATA_EXFILTRATION]: While the skill pushes local files to GitHub, this is its documented primary purpose. The scope is restricted to directories prefixed with 'ljg-' within the local skills folder, and the destination is the author's own repository.- [SAFE]: Uses a local network request to 'http://localhost:31337/notify' for status notifications, which is a common pattern for local developer tools and does not involve external data transmission.
Audit Metadata