speckle-impl-python-sdk
Pass
Audited by Gen Agent Trust Hub on May 15, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill directs the installation of the
specklepypackage and its dependencies (includingpydantic,ujson, andgql) from official Python package registries. These are well-known libraries associated with the Speckle ecosystem. - [CREDENTIALS_UNSAFE]: Includes a dedicated 'Critical Warnings' section and anti-pattern documentation (AP-001) that correctly identifies hardcoded tokens as a high security risk and provides secure implementation patterns using environment variables.
- [COMMAND_EXECUTION]: Provides standard instructions for Python environment management and package installation via
pip, all of which are context-appropriate for a developer-oriented SDK skill. - [SAFE]: Interaction with local file system paths (e.g.,
~/.config/Speckle) is limited to standard configuration and SQLite cache management required for the Speckle SDK's legitimate operation. - [SAFE]: No malicious patterns, such as obfuscation, persistence, unauthorized data exfiltration, or prompt injection, were detected. The skill's functionality is transparent and matches its stated purpose.
Audit Metadata