kubb
Pass
Audited by Gen Agent Trust Hub on Apr 25, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill consists entirely of markdown documentation and configuration examples for the Kubb code generation tool.
- [EXTERNAL_DOWNLOADS]: The documentation describes the tool's capability to fetch OpenAPI specifications from remote URLs as defined in the configuration.
- [COMMAND_EXECUTION]: The documentation explains how users can configure lifecycle hooks to execute shell commands (e.g., for linting or type-checking) after the code generation process finishes.
- [DATA_EXFILTRATION]: The documentation clearly describes a telemetry feature that sends anonymous usage data to a remote endpoint (kubb.dev) and provides instructions for disabling it via environment variables.
- [CREDENTIALS_UNSAFE]: The documentation mentions environment variables used for authentication with external services (KUBB_AGENT_TOKEN), but no actual secrets or tokens are hardcoded within the skill itself.
Audit Metadata