bugzilla
Pass
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill installs the
@membranehq/clipackage from the NPM registry. This is a vendor-owned package associated with the 'membranedev' author context and is necessary for interacting with the Membrane platform. - [COMMAND_EXECUTION]: The skill executes various
membraneCLI commands to authenticate users, manage connections, and run actions. These commands are standard for the platform's operation. - [DATA_EXPOSURE]: The skill explicitly advises against asking users for API keys or tokens, instead delegating authentication to the Membrane platform's connection manager, which is a positive security practice.
Audit Metadata