usage-query-skill
Fail
Audited by Gen Agent Trust Hub on Feb 23, 2026
Risk Level: CRITICAL
Full Analysis
- [SAFE]: No malicious patterns or security vulnerabilities were detected in the skill's code or instructions. The functionality is limited to querying usage metrics.\n- [COMMAND_EXECUTION]: The skill utilizes the Bash tool to execute a local Node.js script,
scripts/query-usage.mjs, which is the intended method for fetching usage data.\n- [DATA_EXFILTRATION]: The script transmits an authentication token to external domains. These domains are restricted to the vendor's official API (api.z.ai) or the well-known AI service provider Zhipu AI (bigmodel.cn), which is appropriate for the skill's purpose.
Recommendations
- Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata