multica-skill-importing
Pass
Audited by Gen Agent Trust Hub on Jul 2, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is a set of administrative instructions for using the Multica platform's built-in CLI and API. It includes guidance on handling conflicts and agent-skill bindings.
- [COMMAND_EXECUTION]: The skill utilizes the
multicaCLI via theBashtool. Usage is constrained by theallowed-toolsfrontmatter to themultica *command prefix, ensuring the agent can only perform platform-sanctioned operations. - [DATA_EXPOSURE]: No sensitive data access or credential exposure was detected. The skill references public repository hosts (GitHub) and platform-specific domains (clawhub.ai, skills.sh) for legitimate skill importing tasks.
- [REMOTE_CODE_EXECUTION]: While the skill's primary purpose is to import code (skills) from remote URLs, it does so using the platform's own
importcommand which is governed by server-side validation and security controls, as documented in the provided source map.
Audit Metadata