ableton-live
Pass
Audited by Gen Agent Trust Hub on Jun 14, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute standard commands for environment verification (
node --version) and MCP server registration (claude mcp add). These are legitimate actions for the skill's stated purpose of setting up a developer bridge. - [DATA_EXFILTRATION]: The skill reads a local file (
bridge.json) containing a bearer token and port information. This sensitive data is used exclusively for local communication with the Ableton bridge on127.0.0.1and for configuring the local agent client. No network exfiltration to remote or untrusted domains was detected. - [PROMPT_INJECTION]: No attempts to bypass safety filters, override system instructions, or extract system prompts were found in the skill instructions.
- [EXTERNAL_DOWNLOADS]: The skill does not perform any remote downloads or execute scripts from external sources.
- [COMMAND_EXECUTION]: The
/setupcommand involves modifying local configuration files such asclaude_desktop_config.jsonand.cursor/mcp.json. These operations are transparently described to the user and are necessary for the bridge integration to function.
Audit Metadata