matrix-administration
Pass
Audited by Gen Agent Trust Hub on May 1, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill provides legitimate administration functionality for Matrix Synapse homeservers, including room management, health auditing, and user deactivation.
- [COMMAND_EXECUTION]: The script scripts/synapse-graph.py uses subprocess.run to call the Graphviz dot utility for rendering SVGs. The implementation uses a list of arguments without a shell, preventing shell injection vulnerabilities.
- [CREDENTIALS_UNSAFE]: The skill correctly handles the Matrix admin token by requiring users to store it in a local configuration file (~/.config/matrix/config.json) and provides clear warnings in the SKILL.md and references/safety-guide.md about the sensitivity of this token.
- [DATA_EXFILTRATION]: All network requests are directed to the user-configured homeserver URL. The _lib/admin_http.py module includes a scheme validator to ensure requests only use HTTP/HTTPS.
- [EXTERNAL_DOWNLOADS]: The skill is self-contained and does not fetch or execute remote code at runtime.
Audit Metadata