clix-integration

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION)
Full Analysis
  • [EXTERNAL_DOWNLOADS] (MEDIUM): Files such as references/mcp-integration.md and references/error-handling.md instruct users to install or run the @clix-so/clix-mcp-server package via npm or npx. This downloads unverified external code from a source that is not pre-trusted.
  • [REMOTE_CODE_EXECUTION] (MEDIUM): The skill configures several MCP clients (Cursor, VS Code, etc.) to execute remote code using the npx -y @clix-so/clix-mcp-server@latest pattern. This allows the remote package to execute arbitrary logic in the user's environment. The severity is reduced from HIGH to MEDIUM as this is the primary intended purpose of the skill.
  • [COMMAND_EXECUTION] (LOW): The references/error-handling.md file mentions a validation script, bash scripts/validate-sdk.sh. Although the script content is not provided, this indicates an expectation of local shell command execution.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 17, 2026, 06:22 PM