sonarqube

Pass

Audited by Gen Agent Trust Hub on May 1, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructs the installation of the @membranehq/cli package from the npm registry. This is the official CLI tool provided by the vendor (membranedev) to facilitate the integration.
  • [COMMAND_EXECUTION]: The skill utilizes several CLI commands (membrane login, membrane connect, membrane action run) to interact with the SonarQube service. These operations are standard for the platform's workflow and are used to manage code quality data.
  • [DATA_EXFILTRATION]: While the skill communicates with the Membrane platform (getmembrane.com) to process actions and manage authentication, this is the intended functionality of the service. The skill explicitly discourages the manual handling of sensitive credentials like API tokens, which enhances security.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 1, 2026, 01:15 AM