Oathe Security Badge

Is chrismichaelps/metacritic safe?

https://github.com/chrismichaelps/metacritic

97
SAFE

This repository contains a legitimate JavaScript library for scraping Metacritic data, but it is not actually an AI agent skill as it lacks any SKILL.md file. The code appears benign and follows standard web scraping patterns using common libraries like axios and cheerio.

Category Scores

Prompt Injection 100/100 · 30%
Data Exfiltration 95/100 · 25%
Code Execution 90/100 · 20%
Clone Behavior 100/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 100/100 · 5%

Findings (4)

CRITICAL Not an AI Agent Skill 0

This repository lacks a SKILL.md file entirely, indicating it is not designed as an AI agent skill but rather as a regular JavaScript library for web scraping Metacritic data.

LOW HTTP Requests to External Site -5

The library makes HTTP requests to metacritic.com for legitimate web scraping purposes. This is expected behavior for a Metacritic scraping library.

LOW Executable JavaScript Code -10

Contains executable TypeScript/JavaScript code, but this is standard for a npm package and shows no malicious patterns.

INFO Legitimate Web Scraping Library 0

This appears to be a legitimate open-source library for scraping Metacritic reviews with proper dependencies (axios, cheerio) and standard package structure.