clack
Pass
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION] (SAFE): The
scaffold-clack.shscript performs standard local file operations (creating directories and copying templates) to initialize a project. It uses proper shell quoting for variables, preventing basic command injection vulnerabilities.\n- [EXTERNAL_DOWNLOADS] (SAFE): The skill identifies and recommends standard, well-known Node.js packages (@clack/prompts,@clack/core) for installation via official package managers. No unauthorized or suspicious remote downloads are performed.\n- [DATA_EXFILTRATION] (SAFE): Analysis of the scripts and templates shows no evidence of sensitive data access or exfiltration. The code is focused on terminal user interface logic and basic validation.\n- [PROMPT_INJECTION] (SAFE): The instructions inSKILL.mdare professional and task-oriented, without any attempts to override system prompts or bypass safety guidelines.
Audit Metadata