jibble
Pass
Audited by Gen Agent Trust Hub on Apr 30, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill documentation instructs the installation of the
@membranehq/clipackage via the NPM registry. This is an official utility provided by the skill author (membranedev) for interacting with their platform. - [COMMAND_EXECUTION]: The skill utilizes shell commands (
membrane login,membrane action run) to perform its primary functions. These operations are restricted to the vendor's official command-line tool and are necessary for the skill's intended purpose. - [CREDENTIALS_UNSAFE]: The skill explicitly directs the agent to avoid requesting user API keys or tokens. Instead, it uses a secure, platform-managed connection flow where credentials are kept server-side, preventing local exposure.
- [DATA_EXFILTRATION]: While the skill interacts with external APIs (Jibble and Membrane), these network operations are documented as the core functionality for time tracking and data management, with no evidence of unauthorized data transfer.
Audit Metadata