sync-skills-manager
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill uses shell scripts (sync-skills.sh, sync-skills-3way.sh) to execute local system commands such as rsync, find, ln, cp, and rm. These are used for synchronizing skill folders between the repository and local agent directories (e.g., ~/.claude/skills). This behavior is consistent with the skill's primary purpose as a management tool.
- [SAFE]: No network operations or external data transmissions were detected. The skill does not use curl, wget, or any networking libraries in its Python scripts.
- [SAFE]: No signs of obfuscation, hardcoded credentials, or prompt injection attempts were found. The code is transparent and follows security best practices, such as providing dry-run modes and creating backups before destructive operations.
- [SAFE]: The Python scripts perform directory scanning and auditing of local configuration paths. While these paths contain agent-specific data, the manager only interacts with folders identified as 'skills' (those containing a SKILL.md file) and does not access sensitive system or user configuration files beyond the specified agent directories.