tool-creator
Pass
Audited by Gen Agent Trust Hub on Apr 14, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill facilitates the creation of executable Node.js scripts (.cjs) within the .claude/tools/ directory. This is achieved through file system writes and permission modifications (chmod) to enable CLI execution.
- [COMMAND_EXECUTION]: The skill demonstrates dynamic code generation by injecting user-provided implementation logic into a pre-defined script template. This is a core feature for scaffolding new tools.
- Ingestion points: The --implementation argument in SKILL.md and the implementation parameter in scripts/main.cjs.
- Boundary markers: Code is encapsulated within an async main() function block in the generated file.
- Capability inventory: The skill leverages node:fs for writing files and the Bash tool for environment checks.
- Sanitization: Tool names are sanitized to prevent path traversal, though the implementation code itself is preserved as provided for tool functionality.
- [EXTERNAL_DOWNLOADS]: The skill identifies research requirements and references fetching academic papers from arxiv.org. ArXiv is a well-known academic repository and its use for gathering technical context is a standard research practice.
Audit Metadata