secret-scanner
Pass
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: SAFE
Full Analysis
- COMMAND_EXECUTION (SAFE): The skill runs local shell commands (grep, git) to scan for secrets. These operations are essential for the tool's primary purpose and do not pose a security risk.
- EXTERNAL_DOWNLOADS (LOW): The skill automates the installation of 'truffle-hog' through pip. While this involves downloading an external package from a non-trusted source, it is a well-known industry tool required for the skill's functionality.
- DATA_EXFILTRATION (SAFE): Although the tool reads sensitive files like .env, all processing is performed locally. There is no code indicating that the discovered secrets are transmitted to external servers.
- PERSISTENCE (SAFE): The skill provides scripts to install a git pre-commit hook. This persistence is a documented security feature intended to provide continuous secret scanning and is not considered malicious activity.