netbox-discovery

Pass

Audited by Gen Agent Trust Hub on Jun 23, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill describes using NMAP and NAPALM for network and device discovery, which involves executing system commands and low-level network probes (e.g., SYN scans). These operations are documented as core functionalities of the discovery agent.
  • [EXTERNAL_DOWNLOADS]: Supports fetching configuration policies from remote Git repositories and installing custom Python packages for 'worker' and 'driver' extensions. These are standard extensibility features of the platform.
  • [CREDENTIALS_UNSAFE]: The skill defines a framework for managing sensitive credentials (API tokens, SSH keys, SNMP community strings) using environment variables and professional secret managers. No secrets are hardcoded; the skill uses standard ${VAR} placeholders.
  • [REMOTE_CODE_EXECUTION]: Documents the configuration of custom Python workers and drivers. While this allows for dynamic code execution, it is presented as a controlled extension mechanism for the discovery engine.
  • [DATA_EXFILTRATION]: Configuration details include sending discovered infrastructure data to a Diode server via gRPC. This is the intended primary data flow of the product and uses authenticated client credentials.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 23, 2026, 07:26 AM
Security Audit — agent-trust-hub — netbox-discovery