pickrr
Pass
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the Membrane CLI from the public npm registry using
npm install -g @membranehq/cli@latest. - [COMMAND_EXECUTION]: The skill utilizes several CLI commands (
membrane login,membrane connect,membrane action) to manage the integration. These are standard operations for the described platform and do not involve arbitrary or obfuscated command execution. - [CREDENTIALS_UNSAFE]: The skill explicitly advises against asking users for API keys or tokens, directing them instead to use the platform's connection management which handles authentication server-side.
- [DATA_EXFILTRATION]: No patterns of sensitive data access or exfiltration to unauthorized domains were detected. Network operations are limited to the vendor's CLI tool interacting with its own infrastructure.
Audit Metadata