developer-tools
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: CRITICAL
Full Analysis
- EXTERNAL_DOWNLOADS (SAFE): The template references official, highly-vetted Node.js libraries (commander, chalk, ora, inquirer, conf) for standard CLI functionality. No untrusted or suspicious download sources are included.
- DATA_EXFILTRATION (SAFE): Although the tool handles an API key for configuration purposes, it uses the 'conf' package to store it locally on the user's file system. No code exists to transmit this data over the network.
- COMMAND_EXECUTION (SAFE): The script defines a command-line interface but does not utilize any functions to execute arbitrary shell commands or external processes (such as child_process.exec).
- REMOTE_CODE_EXECUTION (SAFE): The boilerplate does not include any mechanisms for fetching or running remote scripts, nor does it use dynamic evaluation methods like eval() or Function().
Recommendations
- Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata