double
Pass
Audited by Gen Agent Trust Hub on Apr 30, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install
@membranehq/clivia npm. This is the official command-line tool provided by the vendor (membranedev) to interact with their platform. - [COMMAND_EXECUTION]: The skill utilizes the
membraneCLI to manage integrations. It includes standard commands for authentication (membrane login), connection management (membrane connect), and executing service-specific logic (membrane action run). These commands are necessary for the skill's primary function. - [CREDENTIALS_UNSAFE]: The skill implements secure credential management. It explicitly instructs the agent to never ask for API keys or tokens, delegating the authentication lifecycle and secret storage to the Membrane platform.
- [REMOTE_CODE_EXECUTION]: The skill features a capability to create actions from natural language descriptions (
membrane action create). While this involves generating code/logic, it occurs within the Membrane platform's managed environment and is a core feature of the service rather than an arbitrary shell execution vulnerability within the agent's local environment.
Audit Metadata