clerkio
Pass
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the installation of the
@membranehq/clipackage. This is a legitimate tool provided by the vendor (membrane) for platform interaction. - [COMMAND_EXECUTION]: Uses the
membraneCLI to manage connections and execute integration actions. These commands are standard for the platform's workflow and do not involve suspicious parameters. - [CREDENTIALS_UNSAFE]: The skill implements secure credential management by advising against the use of raw API keys. Instead, it uses a connection-based system where tokens are managed server-side by the Membrane platform.
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection as it processes data returned from Clerk.io APIs.
- Ingestion points: Data returned from
membrane action runand metadata frommembrane action list. - Boundary markers: None explicitly defined in the skill markdown.
- Capability inventory: Can list, create, and execute actions via the Membrane CLI.
- Sanitization: Relies on the underlying agent's default safety filters and platform-level handling.
Audit Metadata