check-login-skill
Pass
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill communicates with a local JSON-RPC server at 127.0.0.1, which is a whitelisted and expected behavior for local tool integration.
- [COMMAND_EXECUTION]: The skill executes a provided Node.js script using the permitted bash tool to automate the login verification process.
- [SAFE]: File system activity is limited to writing a temporary QR code image to /tmp/xiaohongshu_qrcode.png for the user to scan.
- [SAFE]: The script ingests and parses JSON data from the local tool's output to determine login status, which is a routine data handling operation for this use case.
Audit Metadata