apicurio-registry
Pass
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the installation of the
@membranehq/clipackage from the official NPM registry. This is a vendor-provided tool used to manage the integration. - [COMMAND_EXECUTION]: The skill uses shell commands via the
membraneCLI to authenticate users, manage connections, and execute actions. These commands are part of the intended functionality for interacting with the Membrane platform. - [CREDENTIALS_UNSAFE]: The skill explicitly advises against asking users for API keys or tokens, directing the agent to use the
membrane connectworkflow instead. This is a positive security practice that prevents local credential storage. - [REMOTE_CODE_EXECUTION]: The skill features the ability to create and run 'actions' via the Membrane CLI. While this involves dynamic execution on the vendor's platform, it is the primary purpose of the tool and is managed within the vendor's ecosystem.
Audit Metadata