neon
Pass
Audited by Gen Agent Trust Hub on May 3, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the
@membranehq/clipackage from the official NPM registry. This is the vendor's primary tool for platform interaction. - [COMMAND_EXECUTION]: The instructions involve executing various
membranecommands for authentication (membrane login), connection management (membrane connect), and running database actions. These are legitimate operations for the skill's stated purpose. - [SAFE]: The skill explicitly advises against asking users for API keys or tokens, instead utilizing a server-side authentication flow managed by the Membrane platform. This reduces the risk of credential exposure in logs or local environments.
- [SAFE]: All external resources, including the CLI package and the
getmembrane.comdomain, are owned by the verified vendor 'membranedev' as identified in the skill metadata.
Audit Metadata