python-lsp
Pass
Audited by Gen Agent Trust Hub on Jun 22, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [SAFE]: The skill is a well-structured LSP client implementation. Its behavior matches its stated purpose of providing code intelligence features such as go-to-definition and find-references using pyright.
- [EXTERNAL_DOWNLOADS]: The skill bootstraps the
pyrightlanguage server using standard package managers (uvorpipx). This is a documented and standard practice for developer tools that depend on external binaries.pyrightis a well-known and trusted static type checker. - [COMMAND_EXECUTION]: The skill manages the lifecycle of the
pyright-langserverprocess using the Pythonsubprocessmodule. The execution patterns use static argument lists rather than shell strings, which is a best practice that prevents command injection vulnerabilities.
Audit Metadata