evernote-observability
Pass
Audited by Gen Agent Trust Hub on Mar 24, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill provides boilerplate and implementation guides for observability using standard industry libraries like winston, prometheus-client, and OpenTelemetry.
- [SAFE]: The logging implementation specifically includes a redaction mechanism using regular expressions to mask Evernote authentication tokens (S=s\d+:U=...) and API keys before they are written to logs or stdout.
- [SAFE]: All identified dependencies (evernote, winston, express, prom-client) are legitimate, well-known packages used for their intended purposes.
- [SAFE]: No suspicious command execution, privilege escalation, or persistence mechanisms were detected. The use of Proxy for instrumentation is a standard pattern for transparently adding metrics to existing client libraries.
Audit Metadata