heropy-react-scaffold
Pass
Audited by Gen Agent Trust Hub on Apr 4, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill executes official project initialization commands including
create-next-appandcreate viteto establish a project foundation. - [COMMAND_EXECUTION]: It uses system-detected package managers (npm, pnpm, yarn, or bun) to install development dependencies and plugins.
- [EXTERNAL_DOWNLOADS]: Downloads standard, well-known development packages such as
@tanstack/react-queryandtailwindcssfrom the official npm registry. - [SAFE]: Reads local metadata files like
package.jsonand lock files solely to detect the current project state and package manager preference, ensuring it does not overwrite existing configurations. - [SAFE]: Generates standard configuration files for Prettier and VSCode settings to assist in project setup without introducing malicious code or accessing sensitive system files.
- [SAFE]: External references point to the author's legitimate technical documentation site (heropy.dev) for user guidance.
Audit Metadata