capgo-live-updates
Pass
Audited by Gen Agent Trust Hub on Mar 19, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No security issues detected. The skill instructions and code snippets align with the stated purpose of implementing the vendor's live update service.
- [EXTERNAL_DOWNLOADS]: The skill guides the user to install official vendor packages (@capgo/cli, @capgo/capacitor-updater) and references the vendor's Docker image (capgo/capgo-server) for self-hosting options.
- [REMOTE_CODE_EXECUTION]: The skill facilitates the core functionality of downloading and executing remote web assets (JS/HTML/CSS) from the vendor's update server (api.capgo.app). This is the intended purpose of the live update service.
- [COMMAND_EXECUTION]: Provides standard CLI commands for logging in, initializing the project, and uploading update bundles to the Capgo dashboard.
- [CREDENTIALS_UNSAFE]: References API keys and private keys using clearly labeled placeholders (e.g., YOUR_API_KEY, YOUR_PRIVATE_KEY), which is consistent with instructional documentation.
Audit Metadata