Skills
skills/bytedance/deer-flow/skill-creator/Gen Agent Trust Hub

skill-creator

Pass

Audited by Gen Agent Trust Hub on Apr 21, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes local shell commands via the 'claude' CLI and 'lsof' utility.
  • Evidence: Found in scripts/run_eval.py, scripts/improve_description.py, and eval-viewer/generate_review.py using subprocess.run and subprocess.Popen.
  • Purpose: These commands are used to test skill triggering, optimize descriptions using the model, and manage ports for the local evaluation viewer server.
  • [EXTERNAL_DOWNLOADS]: The evaluation viewer references an external library from a well-known CDN.
  • Evidence: eval-viewer/viewer.html includes a script tag fetching the SheetJS library from cdn.sheetjs.com.
  • Purpose: This library is used to render Excel (.xlsx) files within the local evaluation report for user review.
  • [COMMAND_EXECUTION]: The skill modifies file permissions for newly created scripts.
  • Evidence: scripts/init_skill.py uses chmod(0o755) on generated example scripts.
  • Purpose: This is a standard operation to ensure that initialized scripts are executable by the user.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 21, 2026, 09:28 AM