rust-npm-publish

Pass

Audited by Gen Agent Trust Hub on Jun 12, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill includes scripts (publish-main-packages.ts and publish-platform-packages.ts) that use execSync to perform npm publish operations. This is the intended functionality for a publishing pipeline skill.
  • [COMMAND_EXECUTION]: The bin.js wrapper template uses execFileSync to execute the platform-specific native binary resolved at runtime. This is a standard industry pattern (used by tools like esbuild and swc) for distributing native binaries via npm packages.
  • [SAFE]: The use of chmod and chmodSync in several scripts is necessary to ensure that the distributed native binaries have the correct execution permissions on Unix-like systems.
  • [DATA_EXPOSURE]: Scripts perform read and write operations on local package.json and Cargo.toml files to synchronize version numbers and prepare manifests. These operations are restricted to the project workspace and are required for the version management strategy described.
Audit Metadata
Risk Level: SAFE
Analyzed: Jun 12, 2026, 10:41 PM