skills/jeremylongshore/claude-code-plugins-plus-skills/license-compliance-scanner/Gen Agent Trust Hub
license-compliance-scanner
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, EXTERNAL_DOWNLOADS)
Full Analysis
- [COMMAND_EXECUTION] (MEDIUM): The skill configuration allows the use of the `Bash(npm:*)` tool. This provides the agent with the ability to execute shell commands, which could be exploited to perform unauthorized actions on the host environment beyond the scope of license scanning.
- [EXTERNAL_DOWNLOADS] (MEDIUM): The inclusion of `Bash(npm:*)` in the `allowed-tools` list permits the installation of third-party packages from the npm registry. Because the author is not a recognized trusted entity, this creates a risk of downloading and executing malicious dependencies.
- [NO_CODE] (SAFE): The skill file currently only contains metadata and documentation. No executable logic, scripts, or binaries are shipped directly with the skill package itself.
Audit Metadata