cinc
Pass
Audited by Gen Agent Trust Hub on May 1, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the
@membranehq/clipackage via NPM. This is a legitimate tool provided by the skill's author (membranedev) for interacting with their platform. - [CREDENTIALS_UNSAFE]: The skill follows security best practices by explicitly advising against asking for user API keys or tokens, instead using a 'connection' model where credentials are managed server-side by the Membrane platform.
- [COMMAND_EXECUTION]: The skill utilizes the
membraneCLI to perform actions. These commands are standard for the platform's operation and do not involve suspicious shell features or privilege escalation. - [REMOTE_CODE_EXECUTION]: While the skill mentions creating actions (
membrane action create), this refers to the platform's capability to generate API integrations on its own infrastructure based on natural language descriptions, which is the intended core functionality of the service.
Audit Metadata