grafana-plugin-scaffolding

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE (tags: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION)
Full Analysis
  • [EXTERNAL_DOWNLOADS] (SAFE): The skill utilizes npx to download and run official Grafana utilities such as @grafana/create-plugin and @grafana/sign-plugin. It also references the official grafana/grafana Docker image. These are reputable sources necessary for the skill's primary function.
  • [COMMAND_EXECUTION] (SAFE): Shell scripts (create_plugin.sh, dev_server.sh) are used to automate development workflows. These scripts include prerequisite checks for Node.js, npm, and Docker, and they safely handle user arguments through proper shell quoting.
  • [REMOTE_CODE_EXECUTION] (SAFE): Remote code execution is limited to the execution of official npm packages and Docker containers, which is the intended and documented behavior for a scaffolding tool of this type.
  • [CREDENTIALS_UNSAFE] (SAFE): No hardcoded secrets were found. Placeholders for tokens and default Grafana credentials (admin/admin) are used strictly for local development documentation.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 17, 2026, 06:08 PM