install-civitai-videoflow-bundle
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONCREDENTIALS_UNSAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: Clones the civitai-agent-skills repository from the author's official GitHub account (github.com/feed-mob/civitai-agent-skills.git) or supports a manual ZIP upload for local extraction. This behavior is consistent with the skill's purpose as a bundle installer.
- [REMOTE_CODE_EXECUTION]: Installs sub-skills using npx skills add from the cloned repository. This action registers external code components within the agent environment as requested by the user.
- [COMMAND_EXECUTION]: Executes multiple system commands including git clone, git pull, unzip, and npx to perform installation tasks. It also invokes a videoflow script for smoke testing the installation.
- [CREDENTIALS_UNSAFE]: Performs presence-only checks for sensitive environment variables like DUOMI_API_TOKEN and IMAGEKIT_PRIVATE_KEY. The skill includes explicit instructions to avoid printing the actual values of these credentials.
Audit Metadata