hokodo
Fail
Audited by Gen Agent Trust Hub on May 2, 2026
Risk Level: CRITICALEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill installs the Membrane CLI (@membranehq/cli) from the npm registry. This is the official tool provided by the vendor (membranedev) to facilitate the integration.
- [COMMAND_EXECUTION]: The skill utilizes the membrane command-line interface to perform authentication, service connection, and action execution. These commands are used within the scope of the skill's intended functionality.
- [SAFE]: Security alerts regarding developers.hokodo.io were reviewed. This domain is the legitimate developer documentation site for Hokodo, a professional fintech service.
- [SAFE]: The skill includes explicit instructions to the AI agent to avoid requesting or storing sensitive credentials like API keys locally, relying instead on server-side connection management.
Recommendations
- CRITICAL: 1 infected file(s) detected - DO NOT USE
- Contains 2 malicious URL(s) - DO NOT USE
Audit Metadata