edgeone-makers-tools

Fail

Audited by Gen Agent Trust Hub on Jun 26, 2026

Risk Level: CRITICALEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructs the agent to install the edgeone CLI globally using npm install -g edgeone@latest. This is the official command-line tool for the EdgeOne Makers platform.
  • [COMMAND_EXECUTION]: The skill provides detailed instructions for executing edgeone CLI commands such as edgeone login, edgeone makers link, and edgeone makers deploy. These commands are essential for the skill's primary purpose of platform deployment and development.
  • [EXTERNAL_DOWNLOADS]: Reference files include links to template repositories and live previews hosted on vendor-owned domains (e.g., github.com/TencentEdgeOne, edgeone.site, edgeone.ai). These resources are used for scaffolding and project verification.
  • [SAFE]: Automated security alerts regarding malicious URLs (edgeone.site) and infected files are determined to be false positives. The URLs belong to the vendor's infrastructure for project previews, and the flagged files contain standard documentation of HTTP request/response handlers which frequently trigger heuristic-based scanners.
  • [SAFE]: The skill includes shell hooks (hooks/) used by agent platforms to provide context-aware suggestions. These scripts perform benign metadata gathering and do not execute untrusted code or exfiltrate data.
Recommendations
  • CRITICAL: 3 infected file(s) detected - DO NOT USE
  • Contains 17 malicious URL(s) - DO NOT USE
Audit Metadata
Risk Level
CRITICAL
Analyzed
Jun 26, 2026, 10:58 AM
Security Audit — agent-trust-hub — edgeone-makers-tools