skill-catalog-curator

Pass

Audited by Gen Agent Trust Hub on Jul 6, 2026

Risk Level: SAFE
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The script scripts/check_external_auditors.py fetches package metadata from the official npm registry using the npm view command to monitor updates for external auditing tools.
  • [COMMAND_EXECUTION]: The skill utilizes subprocess.run to invoke external utilities as part of its auditing and management workflow:
  • scripts/check_external_auditors.py executes the npm CLI to check for version drift in external dependencies.
  • scripts/security_admission_pipeline.py executes the skillspector scanner (or a user-specified command) to integrate external security evidence.
  • [COMMAND_EXECUTION]: The scripts/security_admission_pipeline.py script manages the local skill catalog by copying and moving directories using shutil operations. These actions are used for installing, updating, or quarantining skills and require explicit user confirmation via CLI flags.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 6, 2026, 12:23 PM
Security Audit — agent-trust-hub — skill-catalog-curator