zustand-state-management
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: CRITICAL
Full Analysis
- COMMAND_EXECUTION (SAFE): The script "scripts/check-versions.sh" performs version checks using "npm view" and "node". This is a standard development utility for verifying project dependencies and does not pose a security risk.
- EXTERNAL_DOWNLOADS (SAFE): While an automated scan flagged a suspicious URL ("state.in"), a manual review indicates this is a false positive. The string likely appeared as a substring of legitimate code (e.g., "state.inStock") in the provided templates. All other URLs point to official documentation or reputable community resources (GitHub, Dev.to).
- DATA_EXFILTRATION (SAFE): The skill does not access sensitive system files or credentials. Network operations in the templates are placeholders ("api.example.com") for instructional purposes.
Recommendations
- Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata