hume
Pass
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill installs the official Membrane CLI (@membranehq/cli) from the npm registry. This is a vendor-owned package used to interact with the Membrane platform.
- [COMMAND_EXECUTION]: The skill uses shell commands to manage connections and execute actions. These commands are limited to the vendor's CLI tool.
- [CREDENTIALS_UNSAFE]: The skill explicitly follows best practices by instructing the agent not to ask users for API keys or tokens. Instead, it leverages Membrane's server-side connection management to handle authentication securely.
- [DATA_EXFILTRATION]: No evidence of unauthorized data transfer. Network operations are directed towards the vendor's infrastructure (Membrane) and the integrated service (Hume) as part of the intended functionality.
Audit Metadata