rivetkit
Pass
Audited by Gen Agent Trust Hub on May 6, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The documentation provides standard CLI instructions for building, running, and deploying applications, including `npm install`, `docker build`, and `npx tsx`. These are presented as developer guidance and do not perform hidden or automated execution.
- [EXTERNAL_DOWNLOADS]: The skill recommends installing various Rivet-related packages (e.g., `rivetkit`, `@rivet-dev/agent-os-pi`) from standard registries. It also mentions `npx skills add rivet-dev/skills` as a setup step for coding agents. These references are vendor-owned and consistent with the framework's ecosystem.
- [SAFE]: The security model described in the documentation emphasizes 'deny-by-default' rules, authentication via tokens, and isolated VM environments (agentOS) for running agent code. The examples provided use placeholders for sensitive credentials (e.g., `sk_abc123`, `YOUR_API_KEY_HERE`) and follow industry best practices for secret management using environment variables.
Audit Metadata