wp-maps
Pass
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install
@membranehq/clivia NPM. This is a vendor-provided tool (Membrane) used for interacting with their service and is consistent with the skill's stated purpose. - [COMMAND_EXECUTION]: The skill uses various
membraneCLI commands to manage connections and execute actions. These operations are restricted to the user's authenticated session and do not involve arbitrary shell execution or unsafe user input interpolation. - [DATA_EXPOSURE]: The skill explicitly advises against hardcoding credentials or asking users for API keys, recommending the use of Membrane's centralized connection management instead. This aligns with security best practices for secret management.
- [DYNAMIC_EXECUTION]: The skill includes functionality to create new actions via natural language descriptions (
membrane action create). While this involves dynamic code generation on the Membrane platform, it is a core feature of the service and is executed within the vendor's managed environment.
Audit Metadata