carto-basics
Pass
Audited by Gen Agent Trust Hub on May 15, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill provides instructions to install the CARTO CLI package (
@carto/carto-cli) via the npm registry. This is the official distribution method for the tool and targets the platform vendor's own package scope. - [COMMAND_EXECUTION]: The documentation contains various shell command examples for using the
cartoCLI. These include authentication (carto auth login), configuration management (carto auth use), and resource listing (carto maps list). These are standard operations for the tool's intended use case. - [CREDENTIALS_UNSAFE]: While the skill discusses the use of API tokens and authentication headers, it does so through instructional examples (e.g.,
export CARTO_API_TOKEN="your-api-token") without hardcoding any actual secrets. It encourages secure practices such as using OAuth for full-platform access and using environment variables for token management.
Audit Metadata