codebuddy-deploy
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns or unauthorized behaviors were detected. All scripts and configurations provided are consistent with standard DevOps practices.
- [COMMAND_EXECUTION]: The skill provides functional templates for release.sh and rollback.sh which utilize SSH and SCP for remote server management. These operations are core to the skill's purpose as a deployment tool and are documented with security constraints such as using non-root accounts.
- [EXTERNAL_DOWNLOADS]: The deployment workflow includes the use of npm ci for installing project dependencies on the target server, which is a standard industry practice for Node.js deployments.
- [CREDENTIALS_UNSAFE]: While the documentation mentions environment variables and secrets (e.g., MYSQL_PASSWORD), it correctly uses placeholders (***) and provides specific rules to ensure sensitive files like .env are not included in deployment packages.