bk-monitor-dev-server

Warn

Audited by Gen Agent Trust Hub on Mar 8, 2026

Risk Level: MEDIUM
CREDENTIALS_UNSAFE, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION
Full Analysis
  • [CREDENTIALS_UNSAFE]: The skill instructions explicitly require the agent to solicit sensitive authentication data from the user, including URLs, session cookies, and X-CSRFTokens, if the automated configuration validation fails.
  • [COMMAND_EXECUTION]: The workflow executes several local scripts and system-level commands, specifically 'bash .cursor/skills/dev-server/scripts/check-env.sh' for environment validation, 'node .cursor/skills/dev-server/scripts/setup-config.js' for configuration management, and 'make' for starting development servers ('make dev-pc', 'make dev-vue3'). It also instructs the agent to modify system hosts files.
  • [EXTERNAL_DOWNLOADS]: The skill uses the 'pnpm i' command to download and install external project dependencies from the public npm registry.
  • [REMOTE_CODE_EXECUTION]: Running 'pnpm i' can execute remote code, both through installation hooks (preinstall/postinstall scripts) and through the logic inside the downloaded third-party packages.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 8, 2026, 03:22 AM