ToolProof Trust Profile

app-cnvs-whiteboard

Low observed static risk. Sandbox Only, not production approval.

3risk score
Sandbox Onlyconnection signal
install_chainrisk type
29evidence score
Source: https://github.com/lksrz/cnvs-whiteboard-skills
Registry: app.cnvs/whiteboard 1.0.1

Connection signal

Low observed static risk. Sandbox Only, not production approval.

Observed tools

  • None observed in this static profile.

Top findings

  • Install risk pattern: unpinned_dependency — mcp-listen/package.json:7

Recommended controls

  • Install in a sandbox before team or production use.
  • Pin the exact package/repository version.
  • Review install scripts, Dockerfile behavior, and dependency pins.

Static analysis can miss behavior. This profile is an connection review signal, not production approval.