nyckel
Pass
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill provides instructions to install the
@membranehq/clitool globally using NPM. This is an official utility provided by the skill's author to interface with the Membrane platform. - [COMMAND_EXECUTION]: The skill uses various
membraneCLI commands to manage workflows, including user authentication, platform connection, and action execution. These commands are integral to the skill's primary function of integrating with Nyckel. - [CREDENTIALS_UNSAFE]: No hardcoded credentials or unsafe secret handling practices were found. The skill explicitly directs the agent to avoid asking for user API keys, delegating credential lifecycle management to the vendor's server-side infrastructure.
- [DATA_EXFILTRATION]: There are no indicators of unauthorized data access or exfiltration. Network operations are restricted to the official vendor CLI and documented endpoints.
Audit Metadata