react-grab

Pass

Audited by Gen Agent Trust Hub on Mar 12, 2026

Risk Level: SAFE (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, REMOTE_CODE_EXECUTION)

Full Analysis
  • [EXTERNAL_DOWNLOADS]: Fetches the core library and associated assets from the NPM registry and 'unpkg.com', which is a well-known CDN for JavaScript packages.
  • [COMMAND_EXECUTION]: Utilizes Bash scripts (install.sh, add-agent.sh) to automate project setup, framework detection, and integration with various AI agents like Claude Code and Cursor.
  • [REMOTE_CODE_EXECUTION]: Executes the 'grab' CLI tool via npx to initialize the project and add MCP (Model Context Protocol) support. This involves downloading and running code from the official NPM registry, a standard practice for modern web development tooling.
  • [DATA_EXPOSURE]: Programmatically reads React component names and local filesystem paths to provide context to AI agents. This behavior is the central feature of the skill, is clearly disclosed in the documentation, and occurs within the user's development environment.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 12, 2026, 08:07 AM