beaver-engine
Pass
Audited by Gen Agent Trust Hub on May 9, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a variety of local shell commands using
bash,git, andgrep. These tools are utilized for project state management (via a local scriptbeaver-lib.sh), codebase discovery (the 'Discovery Triad' pattern), and interacting with the GitHub CLI (gh). These operations are constrained by strict internal logic and user approval gates. - [EXTERNAL_DOWNLOADS]: The skill interacts with the GitHub API to fetch and update project metadata. It also references an external RFC document located on the vendor's official GitHub organization (
primatrix/wiki). These downloads and references target a well-known service and the author's own infrastructure, posing no significant security risk. - [DATA_EXFILTRATION]: The skill updates project metadata on GitHub (e.g., status, size, iteration). While this involves transmitting data externally, the communication is limited to the official GitHub API and is central to the skill's primary intended function as an internal project management engine.
Audit Metadata