hve-core-installer
Pass
Audited by Gen Agent Trust Hub on May 5, 2026
Risk Level: SAFE
Full Analysis
- [User Consent and Transparency]: The skill incorporates explicit checkpoints that require user authorization before proceeding with environment detection, repository cloning, or configuration changes. This ensures that the user maintains control over all installation steps.
- [Trusted Infrastructure Interactions]: All external operations target trusted or well-known services, such as the VS Code Marketplace and Microsoft's official GitHub repository. These interactions are standard for developer-oriented setup tools and are used to fetch legitimate project components.
- [Scoped Configuration Changes]: Modifications are limited to project-local configuration files like
.vscode/settings.json,.gitignore, and.devcontainer/devcontainer.json. The skill does not attempt to modify global system settings or user-level configuration files outside the workspace. - [Standard Tooling and Dependencies]: The skill utilizes established developer tools (Git, PowerShell, Bash) and standard package execution patterns (NPX) for its tasks. The referenced packages, such as
@azure-devops/mcp, are official components associated with the vendor's ecosystem. - [Validation and Maintenance Logic]: Comprehensive validation and upgrade scripts are provided to ensure the integrity of the installation. These scripts use local file hashing (SHA-256) to track changes and offer conflict resolution when local modifications are detected, following standard software maintenance practices.
Audit Metadata