cli-anything-slay-the-spire-ii
Pass
Audited by Gen Agent Trust Hub on Apr 18, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill's installation process requires cloning a repository from the author's GitHub (github.com/HKUDS/CLI-Anything.git). This is a vendor-owned resource used for distributing the necessary CLI tools and bridge mod.
- [COMMAND_EXECUTION]: The skill utilizes a local CLI tool (
cli-anything-sts2) to interact with the game. It provides a comprehensive set of commands for game navigation, combat, and state management. - [DATA_EXFILTRATION]: The skill communicates exclusively with a local HTTP server at
localhost:15526. No network requests to external or unauthorized third-party domains were identified for data exfiltration. - [REMOTE_CODE_EXECUTION]: The installation instructions include running shell scripts (
build.sh,install_bridge.sh) to compile and install a .NET 9 plugin. These actions are performed by the user during setup and are consistent with the skill's primary purpose of installing a game mod bridge.
Audit Metadata