gainforest-oauth-setup
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, CREDENTIALS_UNSAFE
Full Analysis
- [EXTERNAL_DOWNLOADS] (MEDIUM): The skill relies on the external packages 'gainforest-sdk-nextjs' and 'jose', which are not from the trusted source list. These packages are essential for the OAuth flow and database interactions.
- [CREDENTIALS_UNSAFE] (LOW): The 'generate-oauth-key.js' script prints the generated ES256 private key directly to the terminal. While designed as a setup utility, this practice risks exposing sensitive credentials in shell history or environment logs.
- [COMMAND_EXECUTION] (SAFE): The provided scripts focus on cryptographic operations and do not contain malicious command execution patterns.
- [DATA_EXFILTRATION] (SAFE): No evidence of unauthorized data exfiltration was found; the documentation describes a standard server-side storage pattern for OAuth tokens.