keyvault-skill
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill installs its core library and MCP server components directly from the developer's GitHub repository (github.com/ylz201/keyvault.git). These are recognized vendor resources required for the skill's management functionality.
- [COMMAND_EXECUTION]: Utilizes a suite of CLI tools for secret lifecycle management, including a utility (
keyvault inject) designed to execute downstream processes with environment variables derived from the secure vault. - [DATA_EXFILTRATION]: While the skill manages high-value credentials and accesses local storage at
~/.keyvault/, its operations are consistent with providing a secure, local-only vault. No evidence of unauthorized data transmission to remote servers was found.
Audit Metadata