skill-catalog-curator
Pass
Audited by Gen Agent Trust Hub on Jul 6, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The script
scripts/check_external_auditors.pyfetches package metadata from the official npm registry using thenpm viewcommand to monitor updates for external auditing tools. - [COMMAND_EXECUTION]: The skill utilizes
subprocess.runto invoke external utilities as part of its auditing and management workflow: scripts/check_external_auditors.pyexecutes thenpmCLI to check for version drift in external dependencies.scripts/security_admission_pipeline.pyexecutes theskillspectorscanner (or a user-specified command) to integrate external security evidence.- [COMMAND_EXECUTION]: The
scripts/security_admission_pipeline.pyscript manages the local skill catalog by copying and moving directories usingshutiloperations. These actions are used for installing, updating, or quarantining skills and require explicit user confirmation via CLI flags.
Audit Metadata