qualaroo
Pass
Audited by Gen Agent Trust Hub on Apr 28, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns or security risks were identified in the skill instructions or metadata.
- [EXTERNAL_DOWNLOADS]: The skill installs the
@membranehq/clipackage from the official NPM registry. This is a legitimate tool provided by the vendor to facilitate the integration and does not represent a supply chain risk. - [COMMAND_EXECUTION]: The skill uses the
membraneCLI to manage connections and execute API actions. These shell commands are limited to the intended functionality of interacting with the Qualaroo service. - [CREDENTIALS_UNSAFE]: The skill follows secure credential management practices by using the platform's connection system. It explicitly instructs the agent not to ask for or store user API keys locally.
Audit Metadata