release-peekaboo

Pass

Audited by Gen Agent Trust Hub on Jul 12, 2026

Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes local scripts and system tools such as xcrun, gh, npm, pnpm, security, and op to automate the build, signing, and publishing of software release assets.
  • [DATA_EXFILTRATION]: As part of its core functionality, the skill uploads project binaries and metadata to npm and GitHub repositories associated with the author and project (openclaw/Peekaboo).
  • [CREDENTIALS_UNSAFE]: The release workflow involves temporary handling of sensitive credentials, such as Apple Store Connect private keys and npm tokens. It recommends using the 1Password CLI (op) and isolated shell sessions to manage these secrets securely.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 12, 2026, 06:23 AM
Security Audit — agent-trust-hub — release-peekaboo