ckm-ui-styling
Pass
Audited by Gen Agent Trust Hub on Jun 24, 2026
Risk Level: SAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The script `scripts/shadcn_add.py` programmatically executes the `npx shadcn` CLI tool using `subprocess.run`. The script uses a list-based argument structure instead of a raw shell string, which effectively prevents shell injection vulnerabilities.
- [EXTERNAL_DOWNLOADS]: The skill facilitates the download and installation of UI components and development dependencies from the official npm and shadcn/ui registries. These are established, well-known services and the skill's usage is consistent with its primary purpose of UI development.
- [SAFE]: The script `scripts/tailwind_config_gen.py` includes a robust regular expression validator for npm plugin names, ensuring that generated configuration files cannot be used as a vector for malicious code injection via `require()` statements.
- [SAFE]: The `.coverage` binary file was analyzed and confirmed to be a standard SQLite database generated by the Python coverage tool for tracking test execution. It contains no executable content or obfuscated malicious payloads.
- [SAFE]: Skill metadata and reference documentation are transparent and consistent with the provided utility scripts and overall functionality.
Audit Metadata