portal
Pass
Audited by Gen Agent Trust Hub on Jun 18, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches the Android CLI installer and SDK components (platforms, build-tools, NDK) from official Google distribution servers (dl.google.com). As Google is a trusted organization, these downloads are considered safe for environment setup.
- [REMOTE_CODE_EXECUTION]: Employs piped shell execution (curl | bash) to install the Google Android CLI. While this pattern is often risky, its use here with a trusted source and for documented developer tooling is acceptable. It also utilizes 'npx' to execute the 'metavr' utility directly from the registry.
- [COMMAND_EXECUTION]: Leverages shell commands (bash, gradle) to automate building, installing, and debugging Android APKs. These capabilities are scoped to the project directories and connected devices.
- [SAFE]: No malicious patterns such as obfuscation, credential exfiltration, or unauthorized persistence were identified. The modification of shell profiles (~/.zshrc, ~/.bashrc) is used strictly for persisting standard environment variables like PATH and JAVA_HOME.
Audit Metadata