expensify
Pass
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill uses the official vendor CLI (
@membranehq/cli) to manage authentication and execute actions. This approach minimizes the risk of credential exposure as it avoids direct handling of API keys by the agent or user instructions. - [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the Membrane CLI from the official NPM registry (
@membranehq/cli). As this is a well-known package registry and the package belongs to the vendor's namespace, it is considered a safe and standard installation procedure. - [COMMAND_EXECUTION]: The skill utilizes standard shell commands to interact with the Membrane CLI. These commands (
login,connect,action list,action run) are scoped to the intended functionality of managing Expensify data and do not involve suspicious privilege escalation or system-level modifications.
Audit Metadata