canvas
Pass
Audited by Gen Agent Trust Hub on Apr 30, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill installs the
@membranehq/clitool from the official NPM registry. This is a verified utility from the skill's author used to interface with the Membrane platform. - [COMMAND_EXECUTION]: The skill utilizes shell commands through the
membraneCLI to manage connections and execute API actions. These operations are restricted to the intended purpose of managing Canvas data. - [CREDENTIALS_UNSAFE]: Security best practices are followed by using
membrane connect, which handles OAuth flows and token management server-side, preventing the need for the agent to handle or store raw API keys. - [DATA_EXFILTRATION]: No unauthorized data exfiltration patterns were detected. Network operations are routed through the vendor's authenticated CLI environment.
Audit Metadata