lighton
Pass
Audited by Gen Agent Trust Hub on May 1, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the Membrane CLI using
npm install -g @membranehq/cli@latest. This is a standard installation of the vendor's official toolset. - [COMMAND_EXECUTION]: The skill utilizes several CLI commands (
membrane login,membrane connect,membrane action run) to interact with the Membrane platform. These commands are the intended method for managing integrations and do not perform unauthorized or hidden operations. - [DATA_EXFILTRATION]: Authentication is handled via
membrane login, which uses a browser-based flow or an authorization URL. This approach avoids the need for hardcoded API keys or sensitive environment variables within the skill itself, reducing the risk of credential exposure.
Audit Metadata