tiangong-kb-sci-search

Pass

Audited by Gen Agent Trust Hub on Jun 13, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: No malicious patterns, obfuscation, or unauthorized data access were detected in the skill's instructions or scripts.\n- [EXTERNAL_DOWNLOADS]: The skill uses npx to execute the @tiangong-ai/cli package from the npm registry. This is an expected and legitimate dependency provided by the skill's author.\n- [COMMAND_EXECUTION]: The sci_search.sh wrapper script securely constructs CLI commands using bash arrays and processes JSON input with jq, effectively preventing command injection vulnerabilities.\n- [CREDENTIALS_UNSAFE]: Authentication is managed through environment variables or local configuration files, following standard security practices for CLI tools without using hardcoded secrets.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 13, 2026, 12:38 AM
Security Audit — agent-trust-hub — tiangong-kb-sci-search