client-dev
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATIONCREDENTIALS_UNSAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill utilizes official SDKs (@modelcontextprotocol/sdk, @contextvm/sdk) and recommends a code generation tool (@contextvm/ctxcn) which are downloaded from the npm registry.
- [COMMAND_EXECUTION]: Users are guided to execute the 'ctxcn' CLI utility using 'npx' to automate the generation and initialization of client-side code.
- [DATA_EXFILTRATION]: The skill facilitates network connections to external Nostr relays, such as 'wss://relay.contextvm.org' and 'wss://cvm.otherstuff.ai', which are required to transmit MCP messages.
- [CREDENTIALS_UNSAFE]: The application implementation requires a Nostr private key ('CLIENT_PRIVATE_KEY') for signing events, and the templates suggest providing this sensitive credential through environment variables.
Audit Metadata