land-and-deploy
Pass
Audited by Gen Agent Trust Hub on May 3, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches the Bun installation script from
https://bun.sh/install, a well-known and official source for the Bun runtime. - [REMOTE_CODE_EXECUTION]: Runs the downloaded installation script via
bash. The skill implements a security best practice by verifying the file's integrity against a hardcoded SHA-256 checksum (BUN_INSTALL_SHA) before execution. - [COMMAND_EXECUTION]: Executes multiple local utility scripts and binaries located in
~/.claude/skills/gstack/bin/to handle project configuration, update checks, and deployment tasks. - [COMMAND_EXECUTION]: Records usage analytics and skill performance data to local files in
~/.gstack/analytics/. This telemetry functionality is governed by a clear user-consent flow initiated during the skill's first run.
Audit Metadata