netbox-discovery
Pass
Audited by Gen Agent Trust Hub on Jun 23, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill describes using NMAP and NAPALM for network and device discovery, which involves executing system commands and low-level network probes (e.g., SYN scans). These operations are documented as core functionalities of the discovery agent.
- [EXTERNAL_DOWNLOADS]: Supports fetching configuration policies from remote Git repositories and installing custom Python packages for 'worker' and 'driver' extensions. These are standard extensibility features of the platform.
- [CREDENTIALS_UNSAFE]: The skill defines a framework for managing sensitive credentials (API tokens, SSH keys, SNMP community strings) using environment variables and professional secret managers. No secrets are hardcoded; the skill uses standard
${VAR}placeholders. - [REMOTE_CODE_EXECUTION]: Documents the configuration of custom Python workers and drivers. While this allows for dynamic code execution, it is presented as a controlled extension mechanism for the discovery engine.
- [DATA_EXFILTRATION]: Configuration details include sending discovered infrastructure data to a Diode server via gRPC. This is the intended primary data flow of the product and uses authenticated client credentials.
Audit Metadata