setup-tooluniverse
Pass
Audited by Gen Agent Trust Hub on May 29, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill fetches the
uvpackage manager installation script fromastral.sh, which is a well-known service for Python tooling. This is a standard and documented installation method for this tool. - [COMMAND_EXECUTION]: Provides instructions for installing dependencies using piped shell commands (
curl -LsSf ... | sh). This behavior is restricted to the initial setup phase and targets a known, reputable source. - [COMMAND_EXECUTION]: Suggests using
sudofor creating symbolic links (ln -sf) to resolve PATH issues in GUI environments like Claude Desktop. This is a common environment configuration step for developers. - [COMMAND_EXECUTION]: Includes diagnostic scripts (
check_prerequisites.py,verify_installation.py,diagnose_setup.py) that utilizesubprocessto check for Python versions, tool availability, and system configurations. - [COMMAND_EXECUTION]: Diagnostic scripts use
__import__to dynamically check for the presence of optional library dependencies such asrdkit,biopython, andsentence_transformerswithout failing at load time if they are missing. - [SAFE]: The skill uses placeholders (e.g.,
your_key_here,sk-...) for API keys and recommends standard security practices like storing credentials in environment variables or.envfiles rather than hardcoding them.
Audit Metadata