mir-publish-guide
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill provides instructional command-line snippets for using the
mirCLI tool vianpx. Commands includemir sync,mir preview,mir publish,mir login, andmir logoutfor managing and deploying code snippets. - [EXTERNAL_DOWNLOADS]: References the
mirpackage, which is typically downloaded from the official npm registry when run vianpx. This is standard behavior for Node.js-based developer tools. - [CREDENTIALS_UNSAFE]: Discusses the management of
publish_tokenandmirconfig.yamlfor remote registry authentication. It correctly guides the user to usemir loginfor automated token handling or provides a template for manual configuration, without containing or requesting hardcoded secrets. - [DATA_EXFILTRATION]: Describes the process of uploading snippet data to remote registries. Critically, it includes a prominent safety warning (using '⚠️🌍') informing the user that publishing to the 'official-registry' makes their content publicly accessible worldwide, encouraging review before deployment.
Audit Metadata