Skills
skills/witooh/skills/skill-creator/Gen Agent Trust Hub

skill-creator

Pass

Audited by Gen Agent Trust Hub on Mar 11, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses subprocess.Popen and subprocess.run across several scripts (run_eval.py, run_loop.py, package_skill.py) to execute the claude CLI and system tools like lsof. This is a core part of its functionality to automate the testing and optimization of skill descriptions.
  • [EXTERNAL_DOWNLOADS]: The eval-viewer renders an HTML page that loads the SheetJS library from cdn.sheetjs.com. This is used locally to allow the user to preview Excel files generated during skill testing.
  • [REMOTE_CODE_EXECUTION]: While the skill facilitates the execution of scripts within 'subagents' to test new skills, these are handled via the standard agent workflow. The run_eval.py script programmatically invokes the local claude CLI to test triggering rates.
  • [DATA_EXFILTRATION]: The skill includes networking capabilities via anthropic Python client to communicate with the LLM for description optimization. It also starts a local HTTP server (HTTPServer) to serve the evaluation results to the user's browser; this server is restricted to 127.0.0.1.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 11, 2026, 01:37 PM