review-security
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFE, COMMAND_EXECUTION
Full Analysis
- [SAFE]: The skill is a legitimate security tool with no detected malicious intent, obfuscation, or data exfiltration mechanisms.
- [COMMAND_EXECUTION]: The skill utilizes well-known ecosystem-specific auditing tools like npm audit, pip-audit, and govulncheck to check for dependency vulnerabilities. These commands are executed as part of the tool's core functionality to improve project security.
- [SAFE]: The instructions for identifying hardcoded secrets use regular expressions to help users find sensitive data in their own code, which is an intended and documented feature.
Audit Metadata