Skills
skills/superwall/skills/superwall-editor/Gen Agent Trust Hub

superwall-editor

Pass

Audited by Gen Agent Trust Hub on Apr 16, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill implements a secure workflow for managing live editor sessions using pairing codes and temporary controller tokens.
  • [EXTERNAL_DOWNLOADS]: The sw-editor.sh script interacts with https://superwall-mcp.superwall.com, which is the official vendor-owned relay for Superwall services. This communication is essential for the skill's primary functionality.
  • [COMMAND_EXECUTION]: The skill executes a local bash script (scripts/sw-editor.sh) to perform API calls. The script uses jq to safely construct and parse JSON payloads, mitigating command injection risks when handling user-supplied arguments.
  • [CREDENTIALS_UNSAFE]: The skill manages session tokens by storing them in a local state file (.superwall/state.json) with restricted file permissions (chmod 600). It includes logic to strip these sensitive identifiers from status reports to prevent accidental exposure.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 16, 2026, 05:45 PM