llmf
Pass
Audited by Gen Agent Trust Hub on Apr 10, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the
xcommand-line tool (part of the x-cmd ecosystem) to manage local models, start an OpenAI-compatible API server, and execute prompts via the command line. - [EXTERNAL_DOWNLOADS]: It provides commands for downloading model files (GGUF or llamafile formats) into the local directory
~/.x-cmd/data/llmf/model/. This facilitates the core functionality of running models locally. - [SAFE]: The documented behaviors are entirely consistent with the skill's purpose. The use of the author's own CLI tool and the local storage of model data follows standard operational patterns for this vendor without introducing unexpected security risks.
Audit Metadata