Skills
skills/r-earth-or/lcrm_skills/lcrm-business-record/Gen Agent Trust Hub

lcrm-business-record

Pass

Audited by Gen Agent Trust Hub on Mar 26, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill implements secure credential management by reading the LCRM_API_KEY from environment variables rather than using hardcoded secrets.
  • [SAFE]: Write operations (POST requests) require a mandatory user confirmation step as defined in the SKILL.md instructions, preventing automated or unauthorized data modifications.
  • [SAFE]: Network communication is directed to a specific, relevant domain (crm.langcore.net) necessary for the CRM functionality.
  • [COMMAND_EXECUTION]: The skill uses local Node.js scripts (scripts/business-record.mjs) to interact with the API. This is the intended execution model and does not involve arbitrary or unsanitized shell command execution.
  • [DATA_EXPOSURE]: The script scripts/lib.mjs provides a --payload-file option that reads local files using readFileSync. While this allows the agent to read local data, the script attempts to parse the content as JSON, which naturally limits the exposure of non-JSON system files (e.g., SSH keys or shell profiles).
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 26, 2026, 01:57 AM