Skills
skills/show-karma/skills/setup-agent/Gen Agent Trust Hub

setup-agent

Pass

Audited by Gen Agent Trust Hub on Apr 1, 2026

Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses shell commands (curl, grep, echo) to interact with the Karma API and manage local configuration files.
  • Evidence: Uses curl to register agents and verify API keys at https://gapapi.karmahq.xyz.
  • Evidence: Modifies shell configuration files (.zshrc, .bashrc) to persist the KARMA_API_KEY environment variable, which is a standard persistence mechanism for developer tools.
  • [DATA_EXFILTRATION]: While the skill sends data (emails) to an external API, this is the primary purpose of the skill (authentication) and targets the vendor's official infrastructure.
  • [CREDENTIALS_UNSAFE]: The skill handles API keys but follows security best practices by masking them in documentation and instructing the agent to ask for permission before saving them to disk.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 1, 2026, 10:58 AM