flutter-autonomous

Pass

Audited by Gen Agent Trust Hub on Jul 4, 2026

Risk Level: SAFE
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill automates the installation of several legitimate development tools during the bootstrap process, including the Fast Node Manager (fnm) from Vercel, mobilecli from the @mobilenext NPM registry, and patrol_cli via the Dart package manager.
  • [COMMAND_EXECUTION]: To achieve autonomous operation, the skill configures a 'PostToolUse' hook in the .claude/settings.json file. This hook automatically runs shell commands to format and analyze Flutter code whenever files are modified, ensuring code quality throughout the development cycle.
  • [COMMAND_EXECUTION]: The skill makes extensive use of mobile development utilities such as Android Debug Bridge (adb), Xcode simctl, and mobilecli to manage device lifecycles, perform UI inspections, and execute automated tests.
  • [REMOTE_CODE_EXECUTION]: A script (scripts/bootstrap.sh) fetches an installation script for fnm from fnm.vercel.app and pipes it to bash. As Vercel is a well-known technology provider, this is categorized as a safe administrative task within the context of a development environment setup.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 4, 2026, 06:03 PM
Security Audit — agent-trust-hub — flutter-autonomous