healthcare-providers-verify
Pass
Audited by Gen Agent Trust Hub on May 28, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns or security risks were identified. The skill follows standard operational procedures for healthcare provider credential verification using authoritative sources like the NPPES API.
- [COMMAND_EXECUTION]: The skill utilizes Bash for local environment checks, date calculations, and interacting with the vendor's CLI tool. These operations are transparent, scoped to the skill's operational requirements, and used for legitimate data processing tasks such as parsing NPI records and updating session logs.
- [EXTERNAL_DOWNLOADS]: Dependencies are limited to the vendor's official CLI package (@nimble-way/nimble-cli) and standard system utilities. Network activity is strictly directed toward official government registries (npiregistry.cms.hhs.gov) and well-known medical data providers.
- [DATA_EXFILTRATION]: Data transmission is limited to authorized NPI registries and user-configured distribution channels (Notion or Slack) via MCP connectors. The skill adheres to privacy best practices by storing results in a local vendor-managed directory (~/.nimble/) and avoiding unauthorized data transmission.
Audit Metadata