comet-ml

Pass

Audited by Gen Agent Trust Hub on Apr 22, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill uses the '@membranehq/cli' Node.js package, which is the official command-line tool provided by the skill author (membranedev) for interacting with their platform.
  • [SAFE]: Authentication is handled through a secure browser-based OAuth flow ('membrane login') or a controlled headless flow, ensuring that machine learning platform credentials are never handled directly by the AI agent or stored in plaintext.
  • [SAFE]: Network operations are routed through a managed proxy ('membrane request') that handles authentication headers and token refreshes server-side, minimizing the risk of credential leakage during API calls.
  • [SAFE]: The skill instructions explicitly direct the agent to avoid asking users for sensitive API keys and instead use the platform's connection management system, which is a significant security positive.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 22, 2026, 07:40 AM