Scan Report
0 /100
subagent-spawn-command-builder
Build sessions_spawn command payloads from JSON profiles
This is a simple, benign payload builder script for sessions_spawn that only parses CLI arguments, validates inputs, writes logs to a local file, and outputs JSON. No malicious behavior detected.
Safe to install
No action needed. The skill is safe to use.
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Filesystem | NONE | WRITE | ✓ Aligned | fs.appendFileSync writes to state/build-log.jsonl (line 96), fs.mkdirSync create… |
| Network | NONE | NONE | — | No network requests in code |
| Shell | NONE | NONE | — | No shell execution, no subprocess |
| Environment | NONE | NONE | — | No access to process.env |
File Tree
3 files · 8.6 KB · 274 lines Markdown 2f · 144L
JavaScript 1f · 130L
├─
▾
scripts
│ └─
build_spawn_payload.mjs
JavaScript
├─
README.md
Markdown
└─
SKILL.md
Markdown
Security Positives
✓ Documentation accurately describes functionality (builds payload JSON only, does not execute sessions_spawn)
✓ No shell or subprocess execution
✓ No network requests or external connections
✓ No credential harvesting or sensitive file access
✓ No obfuscation techniques (no eval, no base64, no dynamic code execution)
✓ Input validation present for cleanup and mode parameters
✓ Uses standard Node.js fs API only for local logging