piracy-handler

Warn

Audited by Gen Agent Trust Hub on Feb 20, 2026

Risk Level: MEDIUM · COMMAND_EXECUTION · EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION] (MEDIUM): The skill extensively uses child_process.spawnSync to execute external utilities and scripts. In scripts/shared/lib.ts, the sqliteJSON function executes shell commands using sqlite3. While current internal usage sanitizes inputs, the function itself is a powerful primitive for arbitrary SQL execution. Additionally, functions like runTaskFetch and runTaskCreate execute scripts using npx tsx within a directory located at ../../../feishu-bitable-task-manager, creating a dependency on code outside the skill's own scope.
  • [EXTERNAL_DOWNLOADS] (LOW): The skill performs network requests to external services. scripts/data/result_source.ts uses fetch to query Supabase REST APIs, and scripts/whitelist_check.ts calls a custom crawler service API at CRAWLER_SERVICE_BASE_URL.
  • [CREDENTIALS_UNSAFE] (SAFE): No hardcoded credentials were found. Sensitive keys such as FEISHU_APP_SECRET and SUPABASE_SERVICE_ROLE_KEY are correctly managed via environment variables.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 20, 2026, 11:08 AM