jscpd
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- COMMAND_EXECUTION (SAFE): Executes the
jscpdcommand-line utility for code duplication analysis. This is a standard static analysis task for measuring technical debt. - EXTERNAL_DOWNLOADS (LOW): Utilizes
bunxto dynamically pull thejscpdpackage from the npm registry. While this involves executing remote code, it is a standard practice for Node.js/Bun tooling and uses a reputable public package. - DATA_EXFILTRATION (SAFE): The skill facilitates reading local source code for analysis. It does not contain any patterns for unauthorized network transmission or access to sensitive configuration files.
Audit Metadata