vask-realtime
Pass
Audited by Gen Agent Trust Hub on May 14, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSCREDENTIALS_UNSAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute shell commands to manage temporary files and initiate an SSH connection to the Vask signup gateway on the vendor's infrastructure.
- [EXTERNAL_DOWNLOADS]: The agent connects to an external host (
vask.sh) to retrieve project-specific credentials. The skill employs a pinned SSH host key and temporary host files to ensure the integrity and security of the remote connection. - [CREDENTIALS_UNSAFE]: The skill manages Pusher-compatible application secrets. It includes explicit safety instructions to prevent the agent from directly accessing or exposing the user's private SSH keys, and provides guidance on storing retrieved credentials securely within the project's own secret management system.
Audit Metadata