wildapricot
Pass
Audited by Gen Agent Trust Hub on May 7, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the
@membranehq/clipackage from the NPM registry. This is the official tool provided by the vendor (Membrane) to facilitate integrations, aligning with the author and repository information. - [COMMAND_EXECUTION]: Instructions guide the agent to use the
membraneCLI for logging in, connecting to WildApricot, and executing actions. These commands are necessary for the skill's intended functionality within the Membrane ecosystem. - [SAFE]: The skill follows security best practices by delegating authentication to the Membrane platform. It explicitly instructs the agent not to ask for API keys or tokens, reducing the risk of credential exposure by keeping secrets server-side.
- [SAFE]: All external references, including the homepage (getmembrane.com), repository (github.com/membranedev), and NPM packages, belong to the verified vendor or well-known public registries.
Audit Metadata