detecting-typosquatting-packages
Pass
Audited by Gen Agent Trust Hub on Jun 23, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The
scripts/agent.pyhelper and theSKILL.mddocumentation utilize standard CLI commands and Python standard library calls to query official package registries (npm, PyPI, and crates.io). These operations are transparent and strictly aligned with the skill's defensive purpose of package screening. - [EXTERNAL_DOWNLOADS]: The skill provides instructions for fetching popular-package datasets and cloning security tools from well-known technology organizations and research labs, including Microsoft, the Rust Foundation, and IQTLabs. All external references target official repositories or established public APIs.
- [SAFE]: The Python script uses the standard library (
urllib) for network requests and does not require third-party dependencies, minimizing the supply-chain risk of the skill itself. No obfuscation, hardcoded credentials, or persistence mechanisms were found.
Audit Metadata