moai-cc-settings
Pass
Audited by Gen Agent Trust Hub on Mar 2, 2026
Risk Level: SAFENO_CODE
Full Analysis
- [SAFE]: No malicious patterns, obfuscation, or prompt injections were detected within the skill files.
- [NO_CODE]: The skill consists entirely of Markdown documentation and a JSON configuration template, with no executable logic or scripts included.
- [CREDENTIALS_UNSAFE]: The template identifies necessary credentials such as ANTHROPIC_API_KEY and GITHUB_TOKEN but uses standard environment variable placeholders rather than hardcoded secrets.
- [COMMAND_EXECUTION]: The configuration template demonstrates security best practices by explicitly denylisting privileged commands like 'sudo' and network tools like 'curl'.
- [DATA_EXFILTRATION]: The skill includes a denylist for sensitive file paths (e.g., .env, secrets/**), which helps prevent accidental exposure of sensitive local data.
Audit Metadata