moviepilot-cli
Pass
Audited by Gen Agent Trust Hub on Mar 27, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill provides a legitimate interface to a MoviePilot media management server. It uses a standalone Node.js script to interact with the server's API.
- [SAFE]: Sensitive information such as the MoviePilot API key is handled securely. The script allows the user to provide the key via command-line arguments, environment variables, or a local configuration file (
~/.config/moviepilot_cli/config). The configuration file is created with restricted file permissions (0o600), ensuring it is only readable by the owner. - [SAFE]: Network activity is restricted to the backend host explicitly configured by the user. The script uses standard Node.js
httpandhttpsmodules to perform API requests and does not include any hardcoded or suspicious external URLs. - [SAFE]: The skill implementation relies entirely on Node.js built-in modules (
fs,os,path,http,https). It does not require any external packages from NPM, reducing the risk of supply chain attacks.
Audit Metadata