Skills
skills/garfield-bb/hap-skills-collection/hap-view-plugin/Gen Agent Trust Hub

hap-view-plugin

Fail

Audited by Gen Agent Trust Hub on Feb 24, 2026

Risk Level: HIGHEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill directs Mac OS users to execute a global package installation using sudo (sudo npm install -g mdye-cli), which grants administrative privileges to the installation script.
  • [COMMAND_EXECUTION]: The skill contains multiple instructions for the agent to execute shell commands on the user's behalf, including environment verification (node --version), project initialization (mdye init), and starting a local development server (mdye start).
  • [EXTERNAL_DOWNLOADS]: The skill installs an external package mdye-cli from a public registry and suggests configuring a third-party registry mirror (registry.npmmirror.com). It also requires running npm i to download project-specific dependencies.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 24, 2026, 08:25 AM