knock
Pass
Audited by Gen Agent Trust Hub on Apr 28, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns, obfuscation, or data exfiltration attempts were detected.
- [EXTERNAL_DOWNLOADS]: The skill installs and uses the official
@membranehq/clipackage from the public npm registry, which is a trusted vendor resource for this skill. - [COMMAND_EXECUTION]: Shell commands are used to interact with the Membrane platform (e.g.,
membrane login,membrane connect,membrane action run). These are standard operations for the tool's intended purpose. - [CREDENTIALS_UNSAFE]: The skill implements strong security practices by explicitly instructing the agent to never ask users for API keys or tokens, instead utilizing server-side credential management via the
membrane connectworkflow.
Audit Metadata