skill-installer
Pass
Audited by Gen Agent Trust Hub on Apr 14, 2026
Risk Level: SAFE COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The script scripts/install_skill.py uses subprocess.run to execute a local Python utility (scan_registry.py) to update the ecosystem's internal registry as part of the installation workflow.
- [SAFE]: The component scripts/validate_skill.py performs an automated security check on new skills by scanning for forbidden patterns (such as .env, credentials.json, and private keys) to ensure sensitive information is not accidentally installed into the agent's environment.
- [SAFE]: The detection script scripts/detect_skills.py programmatically scans standard user paths (Desktop, Downloads, etc.) to identify skill candidates, which is the core intended functionality for managing the user's local skill ecosystem.
Audit Metadata