clockify
Pass
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill utilizes the official Membrane CLI (@membranehq/cli) for all interactions with the Clockify API. This is a vendor-provided tool from the skill's author (membranedev) and follows standard installation practices.
- [SAFE]: Authentication is performed using a secure flow where the platform manages the full authentication lifecycle server-side. The instructions explicitly advise against asking users for API keys or tokens, reducing the risk of credential exposure.
- [SAFE]: No evidence of prompt injection, data exfiltration, or malicious persistence mechanisms was found. The skill's operations are confined to the intended purpose of managing Clockify data.
- [SAFE]: The network operations and package installations are associated with the official vendor infrastructure and well-known services.
Audit Metadata