heap
Pass
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill directs the installation of the
@membranehq/clipackage from the npm registry, which is a legitimate and necessary utility provided by the vendor for platform interaction. - [COMMAND_EXECUTION]: The skill relies on shell commands via the
membraneCLI to manage authentication and execute product analytics tasks, which is the intended operational model for this skill. - [SAFE]: No malicious behavior, obfuscation, or data exfiltration patterns were detected. The skill utilizes a secure OAuth-based login flow that prevents the exposure of raw API keys within the prompt or environment.
Audit Metadata