ssl-checker
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTION
Full Analysis
- Unverifiable Dependencies (MEDIUM): In 'references/notify.md', the skill instructs the agent to install 'mcp-email@1.0.0' using 'npx'. This package is not from a trusted organization. Running unverified code from a public registry poses a supply chain risk.
- Command Execution (MEDIUM): 'SKILL.md' defines a step to execute 'node scripts/ssl-checker.js'. However, the source code for this script was not provided in the skill package, preventing verification of how it handles network requests or if it performs unauthorized actions.
- Indirect Prompt Injection (LOW): The skill processes untrusted data from external servers (SSL certificates). Ingestion points: 'scripts/ssl-checker.js' (network connection to target domains). Boundary markers: None identified. Capability inventory: Network access (HTTPS), email sending via MCP. Sanitization: Not visible as the logic script is missing.
Audit Metadata