opentui
Pass
Audited by Gen Agent Trust Hub on Apr 2, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [EXTERNAL_DOWNLOADS]: The documentation instructs developers to use
bunx create-tui@latestfor scaffolding new projects. This command downloads and executes a project initializer from the npm registry, which is a standard development practice for modern JavaScript frameworks. - [COMMAND_EXECUTION]: The skill provides numerous examples of terminal-based operations, including project initialization, building native code with Zig, and running shell commands via Bun's shell utility (e.g.,
Bun.$). These are standard for a TUI development environment. - [DATA_EXFILTRATION]: Documentation covers the use of the OSC 52 protocol for clipboard interactions and standard
fetchAPIs for network requests in example code patterns. These are intended functional features for TUI applications. - [CREDENTIALS_UNSAFE]: The configuration guides correctly advise users to store sensitive information, such as API keys, in
.envfiles, aligning with industry security best practices for secret management.
Audit Metadata