miniprogram-development
Pass
Audited by Gen Agent Trust Hub on Apr 7, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns or security risks were identified. The skill's instructions and code snippets align with standard development practices for the WeChat and CloudBase platforms.
- [CREDENTIALS_UNSAFE]: The skill explicitly advises against hardcoding sensitive credentials such as Secret IDs or Keys in configuration files, recommending the use of interactive device-code authentication instead.
- [REMOTE_CODE_EXECUTION]: The skill references the execution of vendor-specific tools via
npx(e.g.,@cloudbase/cloudbase-mcpandmcporter). These references are for platform-specific tasks like Model Context Protocol (MCP) server configuration and environment management, which are legitimate within the context of the skill's purpose. - [COMMAND_EXECUTION]: Documentation includes examples of using the
mcporterCLI to manage environment settings and discover tool schemas, which is a standard part of the provided development workflow.
Audit Metadata