Skills
skills/hence-sh/hence-skills/hence-collections/Gen Agent Trust Hub

hence-collections

Pass

Audited by Gen Agent Trust Hub on Mar 9, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses Python scripts (auth.py and collections.py) to perform operations. These scripts are invoked with standard arguments to list, create, or modify user collections.
  • [EXTERNAL_DOWNLOADS]: The scripts communicate with https://hence.sh/api for authentication and data management. This is the vendor's official domain and is consistent with the skill's primary purpose.
  • [CREDENTIALS_UNSAFE]: The authentication script saves access and refresh tokens to ~/.hence/credentials and ~/.hence/token. While these files contain sensitive data, this is standard behavior for CLI tools managing local sessions.
  • [DATA_EXFILTRATION]: Project and collection metadata is transmitted to the Hence API. This is the intended functionality of the skill and does not involve unauthorized third-party domains.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 9, 2026, 10:00 AM