Skills
skills/rjyo/moshi-skill/moshi-best-practices/Gen Agent Trust Hub

moshi-best-practices

Pass

Audited by Gen Agent Trust Hub on Apr 9, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes various system commands to inspect and configure the host environment for remote access.
  • Evidence includes shell commands to check for tmux and mosh-server presence, as well as checking user shell settings via dscl and systemsetup on macOS.
  • It also manages tmux sessions and windows through the tmux CLI to establish a project-based workspace.
  • [EXTERNAL_DOWNLOADS]: The skill fetches a package from the NPM registry to facilitate integration with Moshi agent hooks.
  • Evidence: The command bunx moshi-hooks setup is used to download and run the vendor-provided utility.
  • [REMOTE_CODE_EXECUTION]: The skill uses the bunx runner to execute the moshi-hooks package directly from a remote registry.
  • Evidence: Instructions in SKILL.md specify running bunx moshi-hooks setup and bunx moshi-hooks token <YOUR_TOKEN> for configuration.
  • [COMMAND_EXECUTION]: The skill modifies shell startup files to install a persistent helper function for the user.
  • Evidence: The skill adds a custom moshi bash function to shell initialization files (e.g., .bashrc, .zshrc) as defined in references/moshi-shell-function.md.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 9, 2026, 05:39 AM