vibesku
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill implements a professional CLI for e-commerce visual generation. The core logic in bin/vibesku.js follows standard patterns for Node.js command-line tools, using the commander library for argument parsing and native fetch for network requests to the official VibeSKU API.
- [SAFE]: Authentication is handled using industry-standard methods (API keys and OAuth2-style device flow). Credentials are saved to a local configuration file (~/.vibesku/config.json) with restricted filesystem permissions (0600), ensuring they are only readable by the current user.
- [SAFE]: No malicious behavior such as prompt injection, data exfiltration to third-party domains, or unauthorized persistence was detected. The tool's operations are transparent and restricted to its stated functionality.
Audit Metadata