nasa-firms-fire-fetch
Pass
Audited by Gen Agent Trust Hub on Mar 21, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill communicates exclusively with official NASA FIRMS API endpoints (firms.modaps.eosdis.nasa.gov) to retrieve wildfire detection data. These are well-known, trusted government services.
- [COMMAND_EXECUTION]: The skill uses standard Python subprocess execution to run its internal script (scripts/nasa_firms_fire_fetch.py). These commands are strictly parameterized for date ranges, bounding boxes, and data sources, with no evidence of shell injection vulnerabilities.
- [CREDENTIALS_UNSAFE]: The skill follows security best practices by requiring the NASA_FIRMS_MAP_KEY to be provided via environment variables or a local .env file (assets/config.env). The code includes a mask_secret function and URL redaction logic to ensure the API key is never printed in logs or standard output.
- [DATA_EXFILTRATION]: No evidence of data exfiltration. Network activity is limited to the defined NASA API for the purpose of fetching requested data. There are no secondary network calls to untrusted or unknown domains.
Audit Metadata