detecting-typosquatting-packages

Pass

Audited by Gen Agent Trust Hub on Jun 23, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The scripts/agent.py helper and the SKILL.md documentation utilize standard CLI commands and Python standard library calls to query official package registries (npm, PyPI, and crates.io). These operations are transparent and strictly aligned with the skill's defensive purpose of package screening.
  • [EXTERNAL_DOWNLOADS]: The skill provides instructions for fetching popular-package datasets and cloning security tools from well-known technology organizations and research labs, including Microsoft, the Rust Foundation, and IQTLabs. All external references target official repositories or established public APIs.
  • [SAFE]: The Python script uses the standard library (urllib) for network requests and does not require third-party dependencies, minimizing the supply-chain risk of the skill itself. No obfuscation, hardcoded credentials, or persistence mechanisms were found.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 23, 2026, 02:09 PM
Security Audit — agent-trust-hub — detecting-typosquatting-packages