nmbrs
Pass
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, CREDENTIALS_UNSAFE, DATA_EXFILTRATION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the `@membranehq/cli` package from the npm registry and uses `npx` to run actions. This is an official tool from the skill's author (membranedev) used to manage the integration.
- [COMMAND_EXECUTION]: The agent uses the `membrane` command-line interface to interact with the Nmbrs API. This includes listing connections, searching for actions, and executing payroll/HR tasks.
- [CREDENTIALS_UNSAFE]: Security is enhanced by the use of a managed authentication flow. The skill explicitly discourages asking users for API keys, instead relying on the `membrane login` and `membrane connect` commands which handle tokens server-side.
- [DATA_EXFILTRATION]: The skill interacts with sensitive HR data such as salary components and payslips. However, all data transmission is performed through the authorized Membrane platform to the official Nmbrs API, with no evidence of unauthorized data routing or exfiltration to third parties.
Audit Metadata