service-worker
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns were detected. The skill consists of instructional content and code snippets for Service Worker development.
- [EXTERNAL_DOWNLOADS]: The documentation mentions the
web-pushNode.js package. This is a well-known library for implementing the Web Push protocol and is suggested as a standard dependency for the server-side portion of the implementation described. - [COMMAND_EXECUTION]: The documentation includes standard CLI commands like
npx web-push generate-vapid-keysfor generating application server keys. These are provided as educational examples for the user's own development environment. - [DATA_EXPOSURE_AND_EXFILTRATION]: The code snippets include placeholders for VAPID keys (e.g., 'BNbxG...', '3KW9e...') and example API endpoints (e.g., '/api/push/subscribe'). These are standard documentation placeholders and do not represent hardcoded credentials or data exfiltration attempts.
Audit Metadata