big-cartel

The skill demonstrates coherent purpose-capability alignment: it provides Big Cartel integration via the Membrane CLI and a proxy-authenticated flow, with credentials managed server-side and standard API interactions. Install sources are reputable (npm registry for the CLI), and data paths flow through Membrane to Big Cartel APIs without exposing secrets locally. The threat posture is low-to-moderate given the controlled credential flow and proxy usage, though it relies on Membrane’s authentication safeguards. Overall, the footprint is benign and proportionate to the stated goal, with no evident credential harvesting, hardcoded secrets, or unverifiable binaries.