hve-core-installer
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- External Repository Access: The skill clones the HVE-Core repository directly from its official GitHub home. This is the primary method for delivering the agents, prompts, and instructions to the user's workspace.
- Command Execution: To facilitate installation, the skill executes common development tools such as
git,code(for extension installation), andnpx(for MCP server configuration). These commands are standard for modern development environment setups. - Script Generation and Execution: The installer dynamically generates PowerShell or Bash scripts based on the detected environment and the user's selected installation method. This ensures compatibility across different operating systems and development contexts.
- Workspace Configuration: The skill automates the configuration of
.vscode/settings.json,.vscode/mcp.json, and.gitignore. This automation ensures that the HVE-Core agents and instructions are correctly indexed by the environment. - User Authorization Guardrails: A key security feature of this skill is the inclusion of mandatory consent checkpoints. The agent is instructed to explain planned changes and wait for explicit user approval before modifying settings or copying files.
Audit Metadata