skills/xixu-me/skills/xdrop/Gen Agent Trust Hub

xdrop

Pass

Audited by Gen Agent Trust Hub on Apr 7, 2026

Risk Level: SAFE
COMMAND_EXECUTION, DATA_EXFILTRATION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes local scripts (upload.mjs and download.mjs) executed via the Bun runtime to manage file operations and network requests.
  • [DATA_EXFILTRATION]: Performs file uploads to user-defined Xdrop servers. While this involves sending local data to a remote endpoint, it is the primary intended function of the skill and requires user-provided configuration (server URL).
  • [EXTERNAL_DOWNLOADS]: Fetches encrypted data and manifests from remote servers during the download and decryption process.
  • [SAFE]: Includes a robust sanitizePath function in scripts/download.mjs that prevents directory traversal attacks by filtering out '..' segments and stripping dangerous characters from server-provided filenames.
  • [SAFE]: Employs standard cryptographic practices using node:crypto and crypto.subtle for AES-GCM encryption and HKDF key derivation, ensuring file content remains encrypted while stored on the intermediary server.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 7, 2026, 11:53 PM