lck-analytics
Warn
Audited by Gen Agent Trust Hub on Apr 6, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION)
Full Analysis
- [COMMAND_EXECUTION]: The utility file `scripts/_lib.js` executes `npm root -g` via `execFileSync` to programmatically determine the installation directory of global packages. This behavior is used to locate dependency files on the host system.
- [REMOTE_CODE_EXECUTION]: The `SKILL.md` file instructs the agent to execute Node.js logic through shell heredocs. This logic uses dynamic `import()` to load and run code from the `lck-analytics` NPM package, which effectively executes logic sourced from an external repository.
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the `lck-analytics` package from the public NPM registry. While intended as the core engine, this package is an unverified third-party dependency.
- [EXTERNAL_DOWNLOADS]: The skill communicates with official Riot Games data endpoints (feed.lolesports.com) to retrieve live match statistics. This is documented as a necessary data source for the skill's functionality.
- [COMMAND_EXECUTION]: The provided workflows involve the agent running multiple standalone scripts (`analyze-live-game.js`, `build-match-report.js`, etc.) that manage a local file-based cache and generate JSON reports, necessitating broad file system access.
- [PROMPT_INJECTION]: The skill uses directive language ('패키지가 없으면 다른 방법으로 우회하지 말고 먼저 전역 설치를 시도한다', in English: "if the package is missing, do not work around it some other way; try a global install first") to strictly guide the agent toward specific installation behaviors and environment setups.
Audit Metadata