yandex-metrica
Pass
Audited by Gen Agent Trust Hub on Feb 24, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [SAFE]: Extensive analysis of the shell scripts and documentation reveals no malicious behavior, persistence mechanisms, or attempts at privilege escalation.
- [EXTERNAL_DOWNLOADS]: The skill connects to official and well-known Yandex services, specifically api-metrika.yandex.net and oauth.yandex.ru, to retrieve analytics data and perform authentication.
- [COMMAND_EXECUTION]: The skill's functionality is provided through localized Bash scripts that use standard tools like curl for API requests, jq for JSON parsing, and python3 for basic string URL encoding.
- [SAFE]: Credentials are managed via a local config/.env file. The provided setup script (get_token.sh) uses secure input methods (read -rs) to handle sensitive OAuth tokens during configuration.
Audit Metadata