mongodb-mongoose
Pass
Audited by Gen Agent Trust Hub on May 6, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is a legitimate technical resource for MongoDB development. No malicious patterns, obfuscation, or data exfiltration attempts were detected.
- [CREDENTIALS_UNSAFE]: The code correctly uses
process.env.MONGODB_URIfor database connection strings rather than hardcoding credentials, following best practices for secret management. - [COMMAND_EXECUTION]: The skill includes a utility script
scripts/seed-database.jsfor populating a development database. This script uses the standardmongodbdriver and performs legitimate database operations without suspicious side effects. - [DATA_EXPOSURE]: The skill references local development paths (e.g.,
C:/Users/LOQ/...) inSKILL.md. While these expose the author's local environment structure, they do not pose a security risk to the end-user of the skill. - [SAFE]: External resource calls, such as to
api.dicebear.comfor avatar generation in the seed script, target well-known and benign services.
Audit Metadata