pica-langchain
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: Spawns a local subprocess using
npx @picahq/mcpto provide tool capabilities via the Model Context Protocol using stdio transport. This is the standard delivery method for the vendor's MCP server. - [EXTERNAL_DOWNLOADS]: References official packages from the vendor (
@picahq/mcp) and trusted organizations includinglangchain-aiandanthropics. These are well-known, reputable sources for AI development. - [CREDENTIALS_UNSAFE]: Explicitly recommends using environment variables for the
PICA_SECRETand provides clear instructions on avoiding hardcoded credentials by using.envfiles.
Audit Metadata