pp-clarity
Pass
Audited by Gen Agent Trust Hub on May 16, 2026
Risk Level: SAFE | EXTERNAL_DOWNLOADS | COMMAND_EXECUTION | DATA_EXFILTRATION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill downloads and installs the `clarity-pp-cli` binary and an MCP server from the author's GitHub repository and the `@mvanhorn` npm registry. These are well-known package registries and the resources are consistent with the vendor identity.
- [COMMAND_EXECUTION]: The skill executes shell commands to install, verify, and run the Clarity utility. These operations are restricted to the local environment and are necessary for the skill's stated purpose.
- [DATA_EXFILTRATION]: The CLI includes a `--deliver webhook:<url>` feature that allows routing command output to a specified URL. While this is a legitimate feature for data delivery, it represents a potential exfiltration vector if an agent is directed to send sensitive information to an untrusted endpoint.
- [CREDENTIALS_SAFE]: The skill implements safe credential handling by instructing the user to use environment variables or a restricted-permission local file (`~/.config/clarity-pp-cli/api-token`) rather than providing tokens in the chat or committing them to code.
- [PROMPT_INJECTION]: The `audit html` command ingests content from local HTML files, creating a surface for indirect prompt injection. The skill lacks explicit boundary markers or sanitization instructions for processing this untrusted external data.
  - Ingestion points: `clarity-pp-cli audit html ./index.html` (SKILL.md)
  - Boundary markers: Absent
  - Capability inventory: Shell command execution and network operations (SKILL.md)
  - Sanitization: Absent
Audit Metadata