pmndrs-viverse
Pass
Audited by Gen Agent Trust Hub on May 13, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the agent to install several industry-standard and vendor-specific packages via NPM, such as 'three', '@react-three/fiber', '@react-three/viverse', and '@pmndrs/viverse'.
- [EXTERNAL_DOWNLOADS]: Includes instructions for the global installation of the '@viverse/cli' tool from the official registry.
- [COMMAND_EXECUTION]: The skill leverages the 'viverse-cli' for platform-specific tasks including user authentication, application creation, and build deployment to VIVERSE servers.
- [COMMAND_EXECUTION]: Uses the 'rg' (ripgrep) utility to programmatically search through the provided reference documentation files for specific components or APIs.
- [CREDENTIALS_UNSAFE]: While the documentation demonstrates CLI login commands, the skill's core instructions (SKILL.md) specifically mandate that the agent must not ask users for passwords or secrets, directing them toward interactive CLI flows or environment variables instead.
Audit Metadata