speckle-impl-python-sdk

Pass

Audited by Gen Agent Trust Hub on May 15, 2026

Risk Level: SAFE
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill directs the installation of the specklepy package and its dependencies (including pydantic, ujson, and gql) from official Python package registries. These are well-known libraries associated with the Speckle ecosystem.
  • [CREDENTIALS_UNSAFE]: Includes a dedicated 'Critical Warnings' section and anti-pattern documentation (AP-001) that correctly identifies hardcoded tokens as a high security risk and provides secure implementation patterns using environment variables.
  • [COMMAND_EXECUTION]: Provides standard instructions for Python environment management and package installation via pip, all of which are context-appropriate for a developer-oriented SDK skill.
  • [SAFE]: Interaction with local file system paths (e.g., ~/.config/Speckle) is limited to standard configuration and SQLite cache management required for the Speckle SDK's legitimate operation.
  • [SAFE]: No malicious patterns, such as obfuscation, persistence, unauthorized data exfiltration, or prompt injection, were detected. The skill's functionality is transparent and matches its stated purpose.
Audit Metadata
Risk Level
SAFE
Analyzed
May 15, 2026, 08:35 PM
Security Audit — agent-trust-hub — speckle-impl-python-sdk