preview-widget
Pass
Audited by Gen Agent Trust Hub on Apr 28, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill executes local developer tools such as flutter and chrome/chromium. It provides flexibility by allowing these paths to be overridden via environment variables (FLUTTER_BIN, CHROME_BIN), which is standard for cross-platform developer tools.
- [DATA_EXFILTRATION]: Network communication is strictly limited to localhost. The screenshot script uses a regex to ensure it only targets local loopback addresses (127.0.0.1 or localhost), preventing unauthorized external requests.
- [SAFE]: The skill is well-documented, includes a full suite of automated tests, and shows no signs of malicious intent, obfuscation, or data exfiltration. It follows security best practices such as using isolated browser profiles for headless operations.
Audit Metadata