lob
Pass
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill utilizes the Membrane CLI (
@membranehq/cli) to interact with Lob. This is a legitimate tool provided by the vendor (membranedev). - [SAFE]: Authentication is managed via
membrane login, which uses OAuth/browser-based flows to handle credentials server-side, preventing the need for the user to provide or store raw API keys locally. - [SAFE]: External dependencies and network communication are limited to the official vendor domain (getmembrane.com) and the npm registry for the CLI installation.
- [SAFE]: Although the description metadata contains a slight inconsistency (referencing CRM objects like 'Deals' and 'Leads' likely from a template), the functional instructions and examples correctly target Lob's mailing and verification services.
Audit Metadata