unavatar-api
Pass
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: SAFENO_CODE
Full Analysis
- [SAFE]: The skill consists entirely of Markdown documentation for the unavatar.io API. It describes endpoints and usage patterns without providing any executable scripts or local code files.
- [NO_CODE]: No logic files, scripts, or binaries are included in the skill package. All functionality is externalized to a third-party API service.
- [DATA_EXFILTRATION]: While the documentation describes sending user identifiers (such as emails, usernames, and phone numbers) to an external domain (unavatar.io), this is the primary and disclosed purpose of the skill. The target domain is the official endpoint for the service provided by the skill author.
- [CREDENTIALS_UNSAFE]: Documentation uses standard placeholders such as 'YOUR_API_KEY' and 'KEY' for authentication examples, following best practices for secret management.
Audit Metadata