meta-plugin-creator
Pass
Audited by Gen Agent Trust Hub on Feb 24, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill serves as a metadata tool for plugin development. All documentation and scripts are focused on legitimate structural validation and follow standard development practices.
- [COMMAND_EXECUTION]: The provided
scripts/validate-plugin.pyscript performs file system operations (globbing, reading JSON files, checking permissions) to validate plugin directories. These operations are local and restricted to the directory path provided by the user. - [EXTERNAL_DOWNLOADS]: The documentation references
npxcommands for adding related skills from the same author (oakoss). These are informative references to the author's own ecosystem and do not constitute an automated or hidden download risk. - [DATA_EXPOSURE]: Documentation mentions environment variables such as
GITHUB_TOKENfor private repository access. These are correctly identified as user-provided configuration for the Claude Code environment rather than hardcoded secrets within the skill.
Audit Metadata