tiangong-kb-sci-search
Pass
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns, obfuscation, or unauthorized data access were detected in the skill's instructions or scripts.\n- [EXTERNAL_DOWNLOADS]: The skill uses
npxto execute the@tiangong-ai/clipackage from the npm registry. This is an expected and legitimate dependency provided by the skill's author.\n- [COMMAND_EXECUTION]: Thesci_search.shwrapper script securely constructs CLI commands using bash arrays and processes JSON input withjq, effectively preventing command injection vulnerabilities.\n- [CREDENTIALS_UNSAFE]: Authentication is managed through environment variables or local configuration files, following standard security practices for CLI tools without using hardcoded secrets.
Audit Metadata