Skills
skills/rjyo/moshi-skill/moshi-best-practices/Gen Agent Trust Hub

moshi-best-practices

Pass

Audited by Gen Agent Trust Hub on May 15, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes multiple shell commands to verify host readiness, check for the presence of tmux and mosh-server, and configure the system environment.
  • [EXTERNAL_DOWNLOADS]: The skill downloads and installs the moshi-hook tool via a Homebrew tap (rjyo/moshi) and uses bunx to execute moshi-hooks from NPM. These resources belong to the skill's author.
  • [REMOTE_CODE_EXECUTION]: Installation of third-party tools through Homebrew and NPM (bunx) constitutes remote code execution. However, these tools are consistent with the skill's stated purpose of setting up Moshi integrations.
  • [SAFE]: All external dependencies and scripts originate from the vendor's own infrastructure (GitHub/NPM), and the secret management practices described (using Keychain or protected local files) are standard for the tool's functionality.
Audit Metadata
Risk Level
SAFE
Analyzed
May 15, 2026, 09:50 AM