aptos
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- REMOTE_CODE_EXECUTION (LOW): The file move-testing/SKILL.md includes a documentation example for CI/CD setup that uses a 'curl | python3' command to install the Aptos CLI from the official aptos.dev domain. While this is a common installation pattern for blockchain tools, piping remote scripts directly to an interpreter is generally considered a high-risk practice.
- COMMAND_EXECUTION (SAFE): The skill provides numerous examples of legitimate shell commands for project initialization, compilation, and testing (e.g., 'aptos move test'). These commands are standard for the intended use case as a developer tool and are presented for informational purposes.
- EXTERNAL_DOWNLOADS (SAFE): The skill references several official and established packages and SDKs from the Aptos ecosystem (e.g., @aptos-labs/ts-sdk, @shelby-protocol/sdk, @decibel/sdk). All external references point to legitimate project domains and standard package registries.
Audit Metadata