mosaicml
Pass
Audited by Gen Agent Trust Hub on May 2, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill instructs the user to install the official Membrane CLI tool (@membranehq/cli) from the public NPM registry. This is a standard deployment pattern for this vendor's ecosystem.
- [SAFE]: Authentication is managed through a 'login' flow that handles credentials server-side. The instructions explicitly discourage asking users for sensitive tokens or API keys, which reduces the risk of credential exposure.
- [SAFE]: The skill uses the Membrane platform to abstract API interactions. While it allows for dynamic 'action creation' based on natural language descriptions, the actual generation and execution of these actions occur within the vendor's controlled infrastructure rather than via local dynamic code execution on the agent's host.
- [SAFE]: No obfuscation, persistence mechanisms, or unauthorized privilege escalation patterns were detected. All network operations are directed towards the vendor's official domain (getmembrane.com) or the MosaicML documentation site.
Audit Metadata