herald
Pass
Audited by Gen Agent Trust Hub on May 3, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the
@membranehq/clipackage from the official NPM registry. This is a vendor-provided tool (Membrane) necessary for the skill's core functionality. - [COMMAND_EXECUTION]: The skill relies on the
membraneCLI to perform operations such as logging in, connecting to services, and running actions. These are legitimate uses of the vendor's command-line interface for platform integration. - [DATA_EXFILTRATION]: The skill demonstrates positive security practices by explicitly instructing the agent to never ask the user for API keys or tokens, relying instead on Membrane's server-side connection management to handle the authentication lifecycle securely.
Audit Metadata