recur-checkout
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS] (SAFE): The skill references the 'recur-tw' Node.js package. While the author 'recur' is not on the pre-approved trusted list, the package is the core component of the skill's stated purpose and is handled safely within the code examples.- [CREDENTIALS_UNSAFE] (SAFE): No hardcoded API keys or secrets were found. The code examples correctly demonstrate the use of environment variables (e.g., process.env.RECUR_SECRET_KEY) for sensitive information.- [DATA_EXFILTRATION] (SAFE): Network communication is directed to the official service domain (api.recur.tw). There are no patterns suggesting unauthorized data collection or exfiltration to third-party servers.- [COMMAND_EXECUTION] (SAFE): The skill does not contain any instructions for arbitrary command execution, shell spawning, or system-level modifications.
Audit Metadata