hifi-download
Pass
Audited by Gen Agent Trust Hub on Apr 2, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the Python subprocess module to execute necessary external tools, including qobuz-dl and tiddl for music downloads and pip for environment setup. These operations are restricted to the skill's primary functions and do not exhibit malicious command patterns.
- [EXTERNAL_DOWNLOADS]: Setup scripts identify and install required third-party dependencies from official Python package registries. These libraries are standard for music metadata processing and audio acquisition.
- [SAFE]: The implementation emphasizes security by utilizing local environment files for secret storage and explicitly instructing the agent not to request sensitive credentials in clear text. The provided local dashboard for tracking download progress runs exclusively on the loopback interface, ensuring it is only accessible to the local user.
Audit Metadata