morningmate
Pass
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill installs the
@membranehq/clipackage from the official npm registry. This is a legitimate tool provided by the vendor for interacting with their service. - [COMMAND_EXECUTION]: The skill uses the Membrane CLI to perform authentication (
membrane login) and manage connections. These commands are necessary for the skill's functionality and are executed using the official vendor tool. - [DATA_EXFILTRATION]: The skill instructions explicitly direct the agent to avoid asking users for secrets or API keys, using server-side connection management instead. This is a positive security practice that prevents sensitive credentials from being stored in the local environment or conversation history.
- [REMOTE_CODE_EXECUTION]: While the skill can create and run 'actions' via the Membrane platform (
membrane action create/run), these actions are managed and executed within the vendor's cloud environment as part of the intended platform functionality.
Audit Metadata