xrift-sdk
Pass
Audited by Gen Agent Trust Hub on Apr 24, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is entirely documentation-based, providing instructions and templates for using a specific developer SDK. No malicious instructions, obfuscation, or unauthorized access patterns were detected.
- [EXTERNAL_DOWNLOADS]: References to external resources, such as the
@xrift/sdknpm package and the GitHub repositoryWebXR-JP/xrift-sdk, are legitimate and consistent with the skill's stated purpose of documenting the SDK. These resources belong to the author's own infrastructure. - [DATA_EXFILTRATION]: The documented upload flow correctly identifies
api.xrift.netas the platform's API endpoint. The skill explicitly advises users to store API tokens in environment variables rather than hardcoding them, which is a recommended security practice. - [COMMAND_EXECUTION]: The provided code templates use standard file system operations (
fs.readFile) and network requests (fetch) required for the SDK to function. All file access and network operations are scoped to the intended task of uploading 3D assets to the XRift platform.
Audit Metadata