Skills
skills/arcblock/myvibe-skills/myvibe-publish/Gen Agent Trust Hub

myvibe-publish

Pass

Audited by Gen Agent Trust Hub on Mar 12, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill invokes various system commands to manage its operations. It uses npm install for dependency management, git for repository metadata extraction, and spawns npx http-server to serve local content for screenshots. It also executes the agent-browser utility for automated visual capture of the web content.
  • [EXTERNAL_DOWNLOADS]: Necessary utilities are retrieved from external sources. The skill installs the agent-browser package from the NPM registry if it's not present and uses npx to dynamically run http-server. These tools are standard for the skill's stated workflow.
  • [DATA_EXFILTRATION]: Project files and generated screenshots are uploaded to the MyVibe service (defaulting to https://www.myvibe.so). This data transmission is the core functionality of the skill and occurs following a user confirmation step.
  • [CREDENTIALS_UNSAFE]: Authentication tokens are stored in the user's home directory (~/.myvibe/myvibe-connected.yaml) using the @aigne/secrets library. This library attempts to utilize the system's secure keyring for storage, reducing the risk of unauthorized access to credentials.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 12, 2026, 10:31 AM