vibe-kanban
Pass
Audited by Gen Agent Trust Hub on Apr 19, 2026
Risk Level: SAFE, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill downloads and runs the vibe-kanban package from NPM via npx commands in scripts/start.sh and configuration files. It also references the official vibekanban/vibe-kanban Docker image.
- [REMOTE_CODE_EXECUTION]: Runtime execution of the vibe-kanban package occurs through npx, which is the primary mechanism for launching the Kanban board and MCP server.
- [COMMAND_EXECUTION]: The skill uses shell scripts to perform Git operations, such as creating and pruning worktrees (git worktree) and managing branches, which are necessary for workspace isolation.
- [SAFE]: The scripts/mcp-setup.sh script automates the configuration of local agent settings (e.g., Claude Desktop config) to integrate the vibe-kanban MCP server, following standard installation patterns.
- [SAFE]: API keys and tokens are handled using environment variables and .env templates, adhering to best practices for local secret management without evidence of external data exposure.