kaleido
Pass
Audited by Gen Agent Trust Hub on Apr 21, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the
@membranehq/clipackage from the official NPM registry. This is a vendor-owned tool required for the skill's operation. - [COMMAND_EXECUTION]: The skill documentation includes several CLI commands for interacting with blockchain infrastructure, such as creating consortia, nodes, and application credentials. These are standard operations for managing the Kaleido service via the Membrane CLI.
- [SAFE]: The skill follows security best practices by delegating authentication and credential management to the Membrane platform via
membrane loginandmembrane connect, avoiding the exposure of secrets within the instructions or scripts. - [SAFE]: A minor documentation inconsistency was identified where the introductory text describes an image generation API (Kaleido.ai), whereas the available actions and official CLI commands relate to the Kaleido blockchain platform. This appears to be a descriptive error and does not introduce a security vulnerability.
Audit Metadata