zsxq-shared
Pass
Audited by Gen Agent Trust Hub on Apr 17, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill relies on the
zsxq-clibinary to perform authentication management, includingauth login,auth status, andauth logoutfunctionality. - [COMMAND_EXECUTION]: It facilitates direct interaction with the Knowledge Planet API through
zsxq-cli api callandzsxq-cli api rawcommands, which process structured JSON parameters for various service endpoints. - [SAFE]: The skill includes a dedicated 'Security Rules' section that explicitly instructs the AI agent to never output authentication tokens in plaintext and to always confirm user intent before performing write or delete operations (such as posting or commenting).
- [SAFE]: Authentication is handled via a standard OAuth 2.0 Device Authorization Grant (RFC 8628), with tokens stored securely in the system Keychain rather than in configuration files or environment variables.
Audit Metadata