check-tools
Pass
Audited by Gen Agent Trust Hub on May 3, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill includes shell scripts (
assets/check-tools.shandassets/environment-diagnostic.sh) that execute a wide range of system commands (e.g.,uname,hostname,df,ps,env) and tool-specific version checks (e.g.,python3 --version,node --version,gcc --version). These are the primary mechanisms for environment validation and diagnostics. - [EXTERNAL_DOWNLOADS]: The reference file
references/tool-categories.mdcontains numerous examples of installation commands that fetch content from external sources. These include scripts and binaries from trusted organizations and well-known services such as GitHub, Python.org, Google, and NodeSource. These commands are provided for user reference in documentation and are not directly executed by the skill's scripts. - [SAFE]: A static analysis detection regarding a potentially destructive system command (
rm -rf) inreferences/tool-categories.mdwas manually reviewed and determined to be a false positive. The command in question issudo rm -rf /usr/local/go, which is a standard procedure for cleaning up an existing Go installation before upgrading, and it appears only within instructional markdown content. - [DATA_EXPOSURE]: The diagnostic script gathers system metadata, including process lists, hardware details, directory structures, and a whitelisted set of environment variables. This collection is consistent with the skill's stated purpose of providing comprehensive environment diagnostics.
Audit Metadata