octocode-install
Pass
Audited by Gen Agent Trust Hub on Apr 9, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill uses npx to download and execute octocode-cli and octocode-mcp at runtime. These are official components provided by the skill author for installation and tool operation.
- [COMMAND_EXECUTION]: The skill executes various shell commands to perform system checks and installation tasks. Key operations include checking the Node.js version (node --version), verifying authentication status (npx octocode-cli status), and performing the actual installation of MCP servers and skills via the command line.
- [DATA_EXPOSURE_AND_EXFILTRATION]: The installer reads and modifies sensitive configuration files for multiple IDEs (e.g., Cursor, Claude Desktop, VS Code, Windsurf) to register the Octocode MCP server. It also facilitates GitHub authentication through OAuth or by instructing the user to provide a Personal Access Token (PAT) for storage in environment variables or configuration files.
Audit Metadata