Skills
skills/module-federation/core/mf-module-info/Gen Agent Trust Hub

mf-module-info

Pass

Audited by Gen Agent Trust Hub on Mar 6, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill uses Node.js http and https modules to fetch mf-manifest.json files from URLs provided by the user or resolved from local configurations. This is essential for its core functionality of inspecting remote modules.
  • [COMMAND_EXECUTION]: The skill executes a local Node.js script (scripts/module-info.js) using the Bash tool. The command construction involves passing arguments such as module names and JSON-encoded context, which are handled as standard CLI parameters for the internal helper script.
  • [DATA_EXPOSURE]: While the script processes an MFContext-JSON string, this data is derived from the local project configuration to resolve module URLs and is not exfiltrated to external third-party servers beyond the target module's host.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 6, 2026, 02:17 PM