railway-auth
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION] (SAFE): The skill documentation and the
verify-auth.shscript interact with the officialrailwayCLI tool for legitimate authentication and status checks (e.g.,railway whoami,railway status). - [EXTERNAL_DOWNLOADS] (SAFE): The skill references the installation of the official
@railway/clipackage from the npm registry, which is the standard and trusted distribution method for this tool. - [DATA_EXFILTRATION] (SAFE): While the skill and script perform network operations using
curl, they communicate exclusively with the official Railway API endpoint (https://backboard.railway.com/graphql/v2). Sensitive tokens are transmitted only to the service that issued them for the purpose of authentication verification. - [CREDENTIALS_UNSAFE] (SAFE): No hardcoded secrets or API keys were found in the skill files. Documentation correctly utilizes placeholders (e.g.,
<your-token>) and environment variables (RAILWAY_TOKEN,RAILWAY_API_TOKEN) to manage credentials securely.
Audit Metadata