shadcn-core-cli

Pass

Audited by Gen Agent Trust Hub on Jun 28, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTION
Full Analysis
  • [SAFE]: The skill follows security best practices by recommending environment variable interpolation for registry secrets instead of hardcoding credentials.
  • [COMMAND_EXECUTION]: The skill documents the use of the shadcn CLI for project bootstrapping and component management through various subcommands such as init, add, and migrate.
  • [EXTERNAL_DOWNLOADS]: The skill describes how the CLI fetches component definitions and source code from the official registry at ui.shadcn.com and from user-configured custom registries.
  • [REMOTE_CODE_EXECUTION]: Instructions include the use of npx or pnpm dlx to run the shadcn utility, which involves downloading and executing the tool from the npm registry. This is a standard and expected workflow for this well-known development utility.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 28, 2026, 03:40 PM
Security Audit — agent-trust-hub — shadcn-core-cli