Skills
skills/lanyuanxiaoyao/skills/lyxy-runner-js/Gen Agent Trust Hub

lyxy-runner-js

Pass

Audited by Gen Agent Trust Hub on Mar 19, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill's primary function is to execute JavaScript and TypeScript code using the bun command. This includes running local scripts and dynamically generated temporary files.
  • [EXTERNAL_DOWNLOADS]: Utilizes Bun's native capability to automatically detect and download dependencies from the npm registry at runtime when scripts contain import statements. This occurs without a package.json file.
  • [REMOTE_CODE_EXECUTION]: Documentation provides installation instructions for the Bun runtime via shell scripts from bun.sh. The skill includes safety instructions explicitly forbidding the AI agent from executing these installation commands automatically, ensuring they are only presented to the user.
  • [DATA_EXFILTRATION]: While the skill provides tools for code execution which could include network operations (e.g., using fetch or axios), there are no built-in malicious data exfiltration patterns. The network access is a standard feature of the runtime environment for its intended use cases like API interaction.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 19, 2026, 01:23 AM