setup-tooluniverse

Pass

Audited by Gen Agent Trust Hub on May 29, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill fetches the uv package manager installation script from astral.sh, which is a well-known service for Python tooling. This is a standard and documented installation method for this tool.
  • [COMMAND_EXECUTION]: Provides instructions for installing dependencies using piped shell commands (curl -LsSf ... | sh). This behavior is restricted to the initial setup phase and targets a known, reputable source.
  • [COMMAND_EXECUTION]: Suggests using sudo for creating symbolic links (ln -sf) to resolve PATH issues in GUI environments like Claude Desktop. This is a common environment configuration step for developers.
  • [COMMAND_EXECUTION]: Includes diagnostic scripts (check_prerequisites.py, verify_installation.py, diagnose_setup.py) that utilize subprocess to check for Python versions, tool availability, and system configurations.
  • [COMMAND_EXECUTION]: Diagnostic scripts use __import__ to dynamically check for the presence of optional library dependencies such as rdkit, biopython, and sentence_transformers without failing at load time if they are missing.
  • [SAFE]: The skill uses placeholders (e.g., your_key_here, sk-...) for API keys and recommends standard security practices like storing credentials in environment variables or .env files rather than hardcoding them.
Audit Metadata
Risk Level
SAFE
Analyzed
May 29, 2026, 05:25 AM
Security Audit — agent-trust-hub — setup-tooluniverse