reachmail
Pass
Audited by Gen Agent Trust Hub on May 5, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the installation of the
@membranehq/clipackage from the public npm registry. This is the official command-line interface provided by the vendor (membranedev) to interact with their platform and is a standard dependency for this skill's functionality. - [COMMAND_EXECUTION]: The instructions involve executing
membraneCLI commands for logging in, connecting to ReachMail, and managing actions. These commands are part of the intended workflow for using the Membrane integration and do not involve arbitrary or hidden shell command execution. - [CREDENTIALS_UNSAFE]: The skill follows security best practices by explicitly advising against asking users for API keys or tokens. Instead, it utilizes the
membrane connectworkflow, which handles authentication server-side, reducing the risk of credential exposure in local environments. - [DATA_EXFILTRATION]: There are no patterns indicating unauthorized data transfer to third-party domains. All network interactions are mediated through the Membrane platform's official CLI and infrastructure.
Audit Metadata