inspect-calls-and-metrics

Pass

Audited by Gen Agent Trust Hub on Jul 2, 2026

Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONCREDENTIALS_UNSAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill provides code examples that execute a local web server (FastAPI or Express) using the phone.serve() method to host a monitoring dashboard.
  • [DATA_EXFILTRATION]: The server configuration includes a tunnel=True parameter, which utilizes an external service to expose the local dashboard to the internet. As the dashboard contains call transcripts (PII), this feature represents a significant data exposure risk if the recommended authentication (bearer tokens) is not implemented. The author provides clear security warnings regarding this behavior.
  • [CREDENTIALS_UNSAFE]: The documentation includes a placeholder authentication token (hunter2-rotate-me) in code examples for the dashboard security feature.
  • [SAFE]: The getpatter library and documentation links are resources provided by the verified author of the skill.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 2, 2026, 06:57 PM
Security Audit — agent-trust-hub — inspect-calls-and-metrics