import
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill utilizes npx to download and execute the @subframe/cli package from the npm registry at runtime.
- [COMMAND_EXECUTION]: Executes shell commands to prepare the environment (mkdir -p .subframe) and to run the vendor's command-line interface for the import process.
- [DATA_EXFILTRATION]: Reads local source files—specifically those identified as UI components and theme configurations—and uploads them to Subframe's official servers (app.subframe.com). This behavior is the primary intended function of the skill.
- [SAFE]: Authentication is handled securely through specialized MCP tools (list_projects, generate_auth_token) rather than hardcoded secrets, following security best practices for credential management.
Audit Metadata