multica-skill-importing

Pass

Audited by Gen Agent Trust Hub on Jul 2, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill is a set of administrative instructions for using the Multica platform's built-in CLI and API. It includes guidance on handling conflicts and agent-skill bindings.
  • [COMMAND_EXECUTION]: The skill utilizes the multica CLI via the Bash tool. Usage is constrained by the allowed-tools frontmatter to the multica * command prefix, ensuring the agent can only perform platform-sanctioned operations.
  • [DATA_EXPOSURE]: No sensitive data access or credential exposure was detected. The skill references public repository hosts (GitHub) and platform-specific domains (clawhub.ai, skills.sh) for legitimate skill importing tasks.
  • [REMOTE_CODE_EXECUTION]: While the skill's primary purpose is to import code (skills) from remote URLs, it does so using the platform's own import command which is governed by server-side validation and security controls, as documented in the provided source map.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 2, 2026, 11:46 PM
Security Audit — agent-trust-hub — multica-skill-importing