keypo-signer
Pass
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the installation of the keypo-signer CLI tool from the vendor's official Homebrew tap and provides a link to the source repository on GitHub. These resources are maintained by the skill author (keypo-us) and are used for the primary functionality of the skill.
- [COMMAND_EXECUTION]: The skill uses the keypo-signer tool to execute subprocesses with environment variables injected from a secure vault. This behavior is documented as a security feature designed to prevent sensitive data from being exposed to the AI agent's context.
Audit Metadata