revenuecat
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill correctly uses an environment variable (RC_API_KEY) for API authentication, which prevents the exposure of hardcoded secrets.
- [SAFE]: All network operations are limited to official RevenueCat domains (api.revenuecat.com and revenuecat.com), ensuring data is sent only to the legitimate service provider.
- [COMMAND_EXECUTION]: The script 'scripts/rc-api.sh' executes the 'curl' command to communicate with the API. It employs safe shell practices, including variable quoting and strict error handling (set -euo pipefail), to mitigate shell injection risks.
Audit Metadata