commcare
Pass
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the installation of the
@membranehq/clipackage from the official npm registry. This is a vendor-provided tool required for the skill's functionality. - [COMMAND_EXECUTION]: The skill utilizes several shell commands via the
membraneCLI (e.g.,membrane login,membrane connect,membrane action run) to manage the lifecycle of CommCare integrations and execute data operations. - [CREDENTIALS_SAFE]: The instructions promote secure practices by using an OAuth-based connection flow (
membrane connect) and explicitly advising the agent to avoid asking for or storing raw API keys or tokens.
Audit Metadata