skills/steipete/clawdis/skill-creator/Gen Agent Trust Hub

skill-creator

Pass

Audited by Gen Agent Trust Hub on May 18, 2026

Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The SKILL.md file contains a validation instruction that uses a shell heredoc to execute Python code via stdin (python
  • <<'PY'). This is a documented procedure for bulk validation of local files.
  • [COMMAND_EXECUTION]: The scripts/init_skill.py script uses the chmod method to set execution permissions (0755) on newly generated example scripts. This facilitates immediate use of the templates created by the skill.
  • [SAFE]: The packaging logic in scripts/package_skill.py implements proactive security measures, including explicitly skipping symbolic links and verifying that all files being archived are contained within the designated skill directory to prevent path traversal.
  • [SAFE]: The YAML validation logic in scripts/quick_validate.py utilizes safe loading practices and implements strict schema checks, including length limits and character restrictions on metadata fields.
Audit Metadata
Risk Level
SAFE
Analyzed
May 18, 2026, 06:18 PM
Security Audit — agent-trust-hub — skill-creator