agora
Pass
Audited by Gen Agent Trust Hub on May 7, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches official documentation and OpenAPI specifications from trusted Agora domains including
docs.agora.ioanddocs-md.agora.io. - [EXTERNAL_DOWNLOADS]: Clones official quickstart and sample repositories from the
AgoraIO-Conversational-AIGitHub organization, which is a trusted vendor source. - [REMOTE_CODE_EXECUTION]: Instructs the agent to install official development tools such as
agoraio-cliandbunusing the system's package manager (npm install -g). These installations are part of the intended developer onboarding flow and target well-known, trusted packages. - [COMMAND_EXECUTION]: Utilizes the Agora CLI (
agora) to perform project readiness checks, enable features likeconvoai, and export environment configuration. These actions are scoped to the developer's project management and are performed using the official tool. - [DATA_EXFILTRATION]: Handles sensitive project credentials (App ID, App Certificate, Customer Secrets) by instructing the agent to export them from the CLI and write them into local
.env.localfiles. This follows standard local secret management practices and does not involve sending data to unauthorized external domains.
Audit Metadata