foxy
Pass
Audited by Gen Agent Trust Hub on May 5, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill utilizes a vendor-provided CLI tool (
@membranehq/cli) to manage FoxyCart integrations. This is a legitimate tool provided by the author of the skill. - [SAFE]: No evidence of sensitive data access (such as SSH keys, environment files, or cloud credentials) was found. The instructions explicitly advise against requesting API keys or tokens, relying instead on a centralized connection manager.
- [SAFE]: The skill follows security best practices by using the Membrane platform's server-side authentication lifecycle, which prevents hardcoded secrets and minimizes the risk of credential exposure.
- [SAFE]: All external interactions and command executions are within the scope of the stated purpose of managing Foxy resources via the Membrane service.
Audit Metadata