opencode-draw
Pass
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructions fetch configuration (
SKILL.md) and executable code (draw.py) from the author's GitHub repository atgithub.com/mathruffian-dot/opencode-lazy-packs. - [COMMAND_EXECUTION]: The installation process involves executing shell commands to create local directories, download files via
curl, and run the resulting Python script for testing purposes. - [SAFE_PRACTICE]: The skill references a sensitive file path (
~/.openai.env) for storing theOPENAI_API_KEY, which aligns with standard secret management practices for local development tools.
Audit Metadata