craftcms
Pass
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the
@membranehq/clipackage globally from the NPM registry. This is a vendor-owned CLI tool required for the skill to communicate with the Membrane platform. - [COMMAND_EXECUTION]: The skill utilizes several CLI commands (e.g.,
membrane login,membrane search,membrane action run) to manage connections and perform operations on CraftCMS. These commands are executed locally via the agent's shell environment and are consistent with the skill's stated purpose of providing a CLI-based integration. - [SAFE]: Authentication is handled through an OAuth-like flow (
membrane login) that opens a browser window, keeping sensitive credentials out of the agent's context. The skill explicitly advises against asking users for API keys, reinforcing a secure-by-default posture.
Audit Metadata