query-tracing
Pass
Audited by Gen Agent Trust Hub on Apr 3, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill uses local binaries (
bin/mzcompose,bin/environmentd) and standard system tools (psql,curl,lsof,python3) to manage the Materialize monitoring stack and execute queries. These operations are part of the intended developer workflow for performance debugging. - [DATA_EXFILTRATION]: Trace data is retrieved from a local Tempo instance (
localhost:3200) and saved to a local temporary file (/tmp/claude-1000/trace.json). No data is sent to external servers or non-whitelisted domains. - [DYNAMIC_EXECUTION]: A provided Python script (
trace_tree.py) is used to parse the captured JSON traces. The script uses only standard library modules (base64,json,sys) and does not perform any unsafe operations like remote code execution or file system modification.
Audit Metadata