The Agent Skills Directory

[SAFE]: The skill is designed to interact with the Sumsub API and implements security-conscious practices, such as requiring sandbox-specific prefixes for API tokens by default.
[EXTERNAL_DOWNLOADS]: The skill fetches the official Sumsub OpenAPI schema from api.sumsub.com to identify available endpoints. This is a well-known service and the operation is necessary for the skill's primary function.
[COMMAND_EXECUTION]: Executes API calls using a local Bash script (sumsub_curl.sh). This script handles HMAC-SHA256 signing and authentication using standard openssl and curl utilities. No arbitrary or unsafe command execution was detected.
[SAFE]: Authentication credentials (SUMSUB_APP_TOKEN and SUMSUB_SECRET_KEY) are managed via environment variables, adhering to standard security practices for agent skills. No hardcoded secrets or sensitive local file access (e.g., SSH keys or cloud provider credentials) were found.

sumsub-api-generic