v0-dev
Pass
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: SAFE
Full Analysis
- Command Execution via Official CLIs: The skill utilizes standard developer workflows such as
npx v0@latestandnpx shadcn@latestto initialize projects and add components. These tools are provided by the vendor to facilitate code integration into local environments. - Network Communication with Official Domains: The skill documents API and SDK interactions that communicate with official v0 domains, including
api.v0.dev,v0.app, andmcp.v0.dev. These connections are necessary for the skill's intended functionality of generating and deploying UI components. - Safe Credential Management: Authentication is handled through environment variables (e.g.,
V0_API_KEY), which is a recommended security practice to avoid hardcoding sensitive credentials directly in code. - External Package Integration: The skill references several official Node.js packages such as
v0-sdkand@v0-sdk/ai-tools. These packages are part of the Vercel ecosystem and are used to provide the programmatic capabilities described in the documentation.
Audit Metadata