groove-admin-update
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONREMOTE_CODE_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill fetches the latest version metadata from GitHub's public API (api.github.com) and uses npx to retrieve updated skill files from the author's repository (andreadellacorte/groove). These actions are consistent with the skill's primary purpose and target well-known, trusted infrastructure.
- [COMMAND_EXECUTION]: It utilizes shell commands to manage local files, including creating and updating symbolic links in .claude/skills and .cursor/skills directories to ensure the agent platform recognizes the updated skills.
- [REMOTE_CODE_EXECUTION]: The skill is designed to execute migration files (scripts) downloaded from the remote repository during the update process. This is the core mechanism of the administrative update and is sourced from the vendor's own code.
Audit Metadata