fnox-security-best-practices
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [SAFE] (SAFE): The skill is entirely educational, providing documentation on how to use Fnox for secrets management. No malicious patterns, obfuscation, or exfiltration vectors were identified.
- [CREDENTIALS_UNSAFE] (SAFE): While the file contains strings like 'sk-live-12345', they are explicitly labeled as 'Bad' examples of plain-text secrets to demonstrate what users should avoid. They are non-functional dummy credentials used for illustrative purposes.
- [COMMAND_EXECUTION] (SAFE): The skill includes bash commands for administrative tasks such as generating keys (
age-keygen), setting file permissions (chmod 600), and auditing git history. These actions are directly relevant to the skill's primary purpose of security hardening. - [DATA_EXFILTRATION] (SAFE): No network operations or commands attempting to send sensitive files to external domains were found.
Audit Metadata