gemma4-local-deploy

Pass

Audited by Gen Agent Trust Hub on Jun 19, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to perform system-level operations required for model serving.
  • Software Installation: Executes brew install and brew upgrade to manage dependencies like llama.cpp and ollama.
  • Background Services: Uses tmux to launch and manage persistent model server instances. The use of detached sessions (-d) is a standard practice for local API servers and is not used here for malicious concealment.
  • Local Validation: Employs curl to query local loopback addresses (127.0.0.1) for verifying the health and performance of the deployed models.
  • [EXTERNAL_DOWNLOADS]: The skill identifies and retrieves model assets from external sources.
  • Trusted Sources: Downloads model weights from official Hugging Face repositories owned by google and ggml-org.
  • Utility Fetching: Uses standard package managers and specialized CLI tools (e.g., huggingface-cli) to retrieve deployment assets. These actions are transparently documented and necessary for the skill's functionality.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 19, 2026, 03:58 PM
Security Audit — agent-trust-hub — gemma4-local-deploy