manage-local-skills

Pass

Audited by Gen Agent Trust Hub on May 18, 2026

Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill includes Node.js scripts (inspect-source.mjs, install-skill.mjs, validate-skill.mjs) that automate the management of local skill directories through file system operations such as directory traversal and file manipulation.\n- [COMMAND_EXECUTION]: The installation script modifies project-level and global agent directories (e.g., ~/.claude/skills, ~/.cursor/skills) to sync or symlink skills, which is the core intended functionality of the tool.\n- [COMMAND_EXECUTION]: Security controls are implemented in scripts/lib/path-safety.mjs to ensure that all file operations are restricted to authorized base directories, mitigating the risk of directory traversal or accidental file deletion outside the intended scope.
Audit Metadata
Risk Level
SAFE
Analyzed
May 18, 2026, 04:58 PM
Security Audit — agent-trust-hub — manage-local-skills