asset-canister
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [SAFE]: The documentation includes high-quality security guidance, specifically warning against insecure root key fetching on mainnet and advising the use of certified assets over raw access to maintain data integrity. It also promotes the principle of least privilege by recommending specific permissions over full canister control.
- [EXTERNAL_DOWNLOADS]: The skill references installation of the official
icp-clivia Homebrew and SDK packages from NPM (@icp-sdk/canisters,@icp-sdk/core). These are verified vendor resources. - [COMMAND_EXECUTION]: The instructions involve running standard build and deployment commands such as
icp deployandnpm run build, which are legitimate operations for a frontend deployment tool.
Audit Metadata