api-credentials
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- SAFE (SAFE): The skill follows its stated purpose of managing API credentials for local development or legacy support. No malicious behaviors were identified.
- DATA_EXPOSURE (SAFE): While the skill accesses sensitive data (API keys), this is its primary intended function. The implementation includes a masking function (
get_api_key_masked) to prevent accidental full key exposure in logs or terminal output. - CREDENTIALS_UNSAFE (SAFE): No hardcoded secrets were found in the code or documentation. The examples correctly use placeholders (e.g.,
sk-ant-api03-...) instead of real credentials. - COMMAND_EXECUTION (SAFE): The Python scripts use standard library modules (
os,json,pathlib) for file and environment access. No dangerous subprocess calls or shell executions were detected.
Audit Metadata