pocketbase
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS] (SAFE): The skill references and downloads assets from trusted sources including GitHub (github.com/pocketbase/pocketbase) and the GitHub Container Registry (ghcr.io/pocketbase/pocketbase). These downloads are necessary for the skill's primary purpose of setting up a PocketBase instance.
- [COMMAND_EXECUTION] (SAFE):
scripts/setup_pocketbase.shuses Docker commands to deploy the PocketBase environment. These operations are standard for database management and do not involve piped remote script execution or elevated privileges beyond what is required for Docker. - [DATA_EXFILTRATION] (SAFE):
scripts/export_data.pyaccesses database records for migration purposes. The data is written to a user-specified local directory and is not transmitted to any unauthorized external domains. Network operations are limited to the user-provided base URL. - [CREDENTIALS_UNSAFE] (SAFE): While
scripts/export_data.pyallows passing an admin password via CLI, it correctly implementsgetpassto prompt for credentials securely by default. Documentation files use clearly marked placeholders like{admin_token}or{token}instead of hardcoded secrets.
Audit Metadata