macos-cleaner
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION] (SAFE): The scripts use 'subprocess.run' with argument lists for system tools like 'du', 'find', and 'df'. This method is inherently safe against shell injection vulnerabilities as it avoids shell interpretation.
- [DATA_EXFILTRATION] (SAFE): No network-capable libraries (e.g., requests, urllib) or network commands (e.g., curl, wget) are present. All analyzed data remains on the local machine.
- [CREDENTIALS_UNSAFE] (SAFE): No hardcoded credentials, API keys, or private tokens were found in the codebase. The 'safe_delete.py' script includes explicit warnings to prevent the accidental deletion of sensitive directories like '.ssh'.
- [REMOTE_CODE_EXECUTION] (SAFE): The skill does not download or execute code from external sources. It relies exclusively on Python standard libraries and pre-installed system binaries.
- [PROMPT_INJECTION] (SAFE): No instances of instruction overrides or malicious prompt patterns were detected in the documentation or scripts.
- [DATA_EXPOSURE] (SAFE): While the script accesses file metadata (names and sizes) to perform its core function, it does not read or expose the contents of sensitive files.
Audit Metadata