carto
Pass
Audited by Gen Agent Trust Hub on Apr 28, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the @membranehq/cli tool from the npm registry. This is the official command-line utility for the vendor's platform and is used for authentication and task execution.
- [COMMAND_EXECUTION]: Uses the membrane CLI to perform operations such as searching for actions (membrane action list), running specific tasks (membrane action run), and creating new automation flows based on natural language descriptions.
- [SAFE]: The skill follows secure credential management patterns. It utilizes OAuth authentication via the membrane CLI and explicitly discourages the manual handling or requesting of user API keys, ensuring that credentials remain managed server-side by the platform.
Audit Metadata