caido-mode
Pass
Audited by Gen Agent Trust Hub on Apr 17, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill utilizes the official @caido/sdk-client package to interact with the Caido API, which is the standard and recommended approach for integration.
- [SAFE]: Sensitive credentials, such as Personal Access Tokens (PATs) and access tokens, are persisted locally in ~/.claude/config/secrets.json. This implements a standard and documented session management pattern for the environment.
- [SAFE]: Network activity is restricted to the Caido instance URL provided by the user (defaulting to localhost), with no evidence of unauthorized data exfiltration.
- [SAFE]: The skill includes robust output controls, such as the --max-body and --compact flags, to prevent large HTTP responses from overwhelming the agent's context window.
Audit Metadata