evernote-local-dev-loop
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the user (or agent) to execute standard development commands such as
npm install,mkdir, andnodeto initialize a local project and run a development server. - [EXTERNAL_DOWNLOADS]: The skill specifies installation of well-known, legitimate Node.js packages (
evernote,express,dotenv,nodemon,express-session) from the official npm registry. - [CREDENTIALS_UNSAFE]: Sensitive configuration is handled via environment variables with clear placeholders (e.g.,
your-consumer-key). A default session secret is provided for development use with a warning to change it for production, which is consistent with best practices for development guides. - [DATA_EXFILTRATION]: The skill implements a local OAuth flow and data operations that target the official Evernote sandbox domain (
sandbox.evernote.com) and the local development server, with no evidence of unauthorized data transfer to unknown domains.
Audit Metadata