nix-best-practices

Pass

Audited by Gen Agent Trust Hub on Feb 15, 2026

Risk Level: LOW
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION
Full Analysis
  • EXTERNAL_DOWNLOADS (LOW): The skill references external Nix flake inputs from GitHub repositories such as NixOS/nixpkgs and numtide/flake-utils. These are industry-standard ecosystem components, though they fall outside the strictly defined trusted organization whitelist. It also references third-party user examples like 0xBigBoss/atlas-overlay, which should be verified before use.
  • REMOTE_CODE_EXECUTION (LOW): Includes templates for using pkgs.fetchurl to download remote binaries and chmod +x to make them executable within a Nix derivation. This is an idiomatic way to handle binary overlays in Nix but inherently involves executing external, pre-compiled code.
  • COMMAND_EXECUTION (LOW): Demonstrates the use of shellHook in mkShell to run bash commands (e.g., export, echo) when a developer environment is loaded, which is a standard and powerful Nix feature.
Audit Metadata
Risk Level: LOW
Analyzed: Feb 15, 2026, 09:14 PM