knack
Pass
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the
@membranehq/clipackage globally via npm. This CLI is the official tool for the Membrane platform. - [COMMAND_EXECUTION]: The skill uses various
membraneCLI commands (e.g.,membrane login,membrane connect,membrane action run) to manage authentication and interact with the Knack API. - [DATA_EXFILTRATION]: No exfiltration risks were identified. The instructions explicitly advise against asking for user secrets (API keys or tokens), recommending instead that the platform handle authentication server-side.
Audit Metadata