Skills
skills/nexu-io/sbti-skill/sbti-test/Gen Agent Trust Hub

sbti-test

Pass

Audited by Gen Agent Trust Hub on Apr 10, 2026

Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes shell commands to facilitate the generation and deployment of the personality test results.
  • It executes node to run its deployment scripts (deploy_skill.js).
  • It uses system utilities like zip, base64, rm, and mkdir to package the HTML results and manage temporary files during the deployment process.
  • [DATA_EXFILTRATION]: The skill transmits the generated test results to an external server to create a shareable landing page.
  • Results are uploaded to https://deploy.nexu.io (a vendor-owned domain).
  • The data sent includes the interpolated HTML page containing the user's test results, which is the intended behavior of the 'share' feature.
  • [CREDENTIALS_UNSAFE]: The deployment utility programmatically retrieves platform-specific authentication tokens from local configuration files.
  • The script deploy_skill_core.js searches for and reads config.json in various platform directories (e.g., ~/.nexu/config.json) to obtain the cloud.apiKey.
  • This key is used solely for authenticating with the author's own deployment service to host the user's generated web page.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 10, 2026, 08:34 AM