python-lsp

Pass

Audited by Gen Agent Trust Hub on Jun 22, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • [SAFE]: The skill is a well-structured LSP client implementation. Its behavior matches its stated purpose of providing code intelligence features such as go-to-definition and find-references using pyright.
  • [EXTERNAL_DOWNLOADS]: The skill bootstraps the pyright language server using standard package managers (uv or pipx). This is a documented and standard practice for developer tools that depend on external binaries. pyright is a well-known and trusted static type checker.
  • [COMMAND_EXECUTION]: The skill manages the lifecycle of the pyright-langserver process using the Python subprocess module. The execution patterns use static argument lists rather than shell strings, which is a best practice that prevents command injection vulnerabilities.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 22, 2026, 06:02 AM
Security Audit — agent-trust-hub — python-lsp