gemma4-local-deploy
Pass
Audited by Gen Agent Trust Hub on Jun 19, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the
Bashtool to perform system-level operations required for model serving. - Software Installation: Executes
brew installandbrew upgradeto manage dependencies likellama.cppandollama. - Background Services: Uses
tmuxto launch and manage persistent model server instances. The use of detached sessions (-d) is a standard practice for local API servers and is not used here for malicious concealment. - Local Validation: Employs
curlto query local loopback addresses (127.0.0.1) for verifying the health and performance of the deployed models. - [EXTERNAL_DOWNLOADS]: The skill identifies and retrieves model assets from external sources.
- Trusted Sources: Downloads model weights from official Hugging Face repositories owned by
googleandggml-org. - Utility Fetching: Uses standard package managers and specialized CLI tools (e.g.,
huggingface-cli) to retrieve deployment assets. These actions are transparently documented and necessary for the skill's functionality.
Audit Metadata