onfleet
Pass
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the Membrane CLI (
@membranehq/cli) via npm and use npx to run commands. These are legitimate tools provided by the skill's author to facilitate the integration. - [COMMAND_EXECUTION]: The instructions involve executing the
membraneCLI tool to perform various tasks like logging in, searching for connectors, and running actions. These operations are restricted to the functionality of the Membrane platform. - [CREDENTIALS_UNSAFE]: The skill explicitly follows best practices by instructing the agent to never ask users for API keys or secrets. Instead, it uses a managed connection system where credentials are handled server-side by the Membrane platform.
- [DATA_EXFILTRATION]: While the skill involves network operations and data transfer between the local environment, Membrane, and Onfleet, these are consistent with the skill's primary purpose of delivery management and do not target sensitive local files or directories.
Audit Metadata