upcloud
Pass
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the '@membranehq/cli' package from the NPM registry. This is a global installation of a vendor-provided tool necessary for the skill's integration features.
- [COMMAND_EXECUTION]: Multiple shell commands are utilized via the 'membrane' CLI to handle authentication, connection setup, and action execution. These commands are the primary mechanism for interacting with the UpCloud API through the Membrane platform.
- [DATA_EXFILTRATION]: The skill implements a security-positive pattern by advising against the use of local API keys or tokens. Instead, it utilizes an OAuth-like flow where credentials are managed server-side by the vendor, reducing the risk of credential exposure within the agent's environment.
Audit Metadata