apache-superset
Pass
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the
@membranehq/clivia npm. This is a standard installation of a vendor-owned package for the intended functionality. - [COMMAND_EXECUTION]: The skill utilizes several CLI commands (e.g.,
membrane login,membrane action run) to interact with the service. These commands are part of the documented toolchain and do not involve shell injection or privilege escalation. - [CREDENTIALS_UNSAFE]: The skill correctly implements security best practices by using a delegated authentication flow (
membrane login) and explicitly advising against asking users for API keys or tokens.
Audit Metadata