nocobase-ui-builder
Pass
Audited by Gen Agent Trust Hub on May 6, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill manages NocoBase Modern page components by executing the nb CLI tool, which serves as the canonical transport for interacting with the application backend.
- [EXTERNAL_DOWNLOADS]: The RunJS environment allows for the dynamic loading of JavaScript modules and CSS from established CDN providers such as esm.sh and jsdelivr.net. These references are documented as part of the skill's standard extension capabilities for custom UI logic.
- [COMMAND_EXECUTION]: The skill implements a local validation and execution sandbox using Node.js vm and worker_threads. This system includes a static analyzer that enforces a strict render contract and blocks unauthorized global APIs, such as bare fetch or direct location mutations, to prevent data leakage and unauthorized network access.
Audit Metadata