tool-search
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill implements a local tool search mechanism based on keyword matching and scoring against a tool manifest.
- [DATA_EXPOSURE]: The skill reads from '.claude/config/tool-manifest.json'. This file contains metadata about available tools (names, descriptions, and categories) and does not contain sensitive user credentials, SSH keys, or private environment variables.
- [COMMAND_EXECUTION]: The provided Node.js scripts (main.cjs, hooks) contain deterministic logic for parsing arguments and processing JSON data. There are no instances of dynamic code execution (e.g., eval, exec) or unsanitized shell command spawning.
- [EXTERNAL_DOWNLOADS]: No network activity was detected. The skill does not fetch remote resources, scripts, or binary files.
- [PROMPT_INJECTION]: The SKILL.md and associated rule files focus on operational efficiency and tool management instructions without attempting to override model safety filters or bypass system constraints.
Audit Metadata