pp-clarity

Pass

Audited by Gen Agent Trust Hub on May 16, 2026

Risk Level: SAFE | EXTERNAL_DOWNLOADS | COMMAND_EXECUTION | DATA_EXFILTRATION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill downloads and installs the clarity-pp-cli binary and an MCP server from the author's GitHub repository and the @mvanhorn npm registry. These are well-known package registries and the resources are consistent with the vendor identity.
  • [COMMAND_EXECUTION]: The skill executes shell commands to install, verify, and run the Clarity utility. These operations are restricted to the local environment and are necessary for the skill's stated purpose.
  • [DATA_EXFILTRATION]: The CLI includes a --deliver webhook:<url> feature that allows routing command output to a specified URL. While this is a legitimate feature for data delivery, it represents a potential exfiltration vector if an agent is directed to send sensitive information to an untrusted endpoint.
  • [CREDENTIALS_SAFE]: The skill implements safe credential handling by instructing the user to use environment variables or a restricted-permission local file (~/.config/clarity-pp-cli/api-token) rather than providing tokens in the chat or committing them to code.
  • [PROMPT_INJECTION]: The audit html command ingests content from local HTML files, creating a surface for indirect prompt injection. The skill lacks explicit boundary markers or sanitization instructions for processing this untrusted external data.
      • Ingestion points: clarity-pp-cli audit html ./index.html (SKILL.md)
      • Boundary markers: Absent
      • Capability inventory: Shell command execution and network operations (SKILL.md)
      • Sanitization: Absent
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 16, 2026, 03:11 AM