draw-thing
Pass
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the `Bash` tool to interact with the local `draw-things-cli` binary. Commands are constructed using user-provided prompts and parameters. The documentation explicitly instructs the agent to show the full command to the user before execution and provides guidance on shell quoting to prevent injection issues.
- [EXTERNAL_DOWNLOADS]: The skill references the official `drawthingsai` Homebrew tap for installing the necessary CLI tool if it is missing. This is a standard installation procedure for third-party macOS software and is integral to the skill's purpose.
- [SAFE]: No malicious patterns such as data exfiltration, unauthorized persistence, or code obfuscation were identified. The included shell script `scripts/check-cli.sh` performs benign environment checks and correctly handles character escaping for JSON output.
Audit Metadata