recallloom
Pass
Audited by Gen Agent Trust Hub on May 2, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill performs periodic package support checks by fetching a JSON advisory from the author's official repository on GitHub. This is handled by `scripts/core/support/cache.py` using Python's `urllib.request.urlopen`. The URL targeted is `https://raw.githubusercontent.com/Frappucc1no/recall-loom/main/release-advisory.json`. This behavior is documented in the skill's support policy and is used solely for maintenance and versioning.
- [COMMAND_EXECUTION]: The skill utilizes `subprocess.run` in several scripts for legitimate coordination and discovery tasks:
  - `scripts/recallloom.py` uses it as a unified entry point to execute other internal Python scripts based on user commands (e.g., `init`, `validate`).
  - `scripts/core/coldstart/sources.py` uses it to execute `git log` to extract recent commit history as an optional signal for project context.
- [DATA_EXFILTRATION]: The skill implements a dedicated defensive layer in `scripts/core/safety/attached_text.py`. This script contains regex patterns to scan text for sensitive content (tokens, API keys, SSH keys) and prompt injection markers (e.g., "ignore previous instructions"). This is a security feature designed to prevent the agent from accidentally reading or writing malicious or sensitive content during context restoration.
- [NO_CODE]: The skill provides templates in the `native_commands/` directory for host-specific integrations (Claude Code, Gemini CLI, OpenCode). These templates utilize platform-native execution syntax (e.g., !commands) to call the RecallLoom dispatcher. These are intended to be installed locally by the user to provide convenient shortcuts.
Audit Metadata