redox
Pass
Audited by Gen Agent Trust Hub on Apr 30, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user or agent to install the
@membranehq/clipackage from the official NPM registry. This is a tool provided by the skill's vendor to facilitate platform interactions. - [COMMAND_EXECUTION]: The skill utilizes the
membranecommand-line interface for authentication (membrane login), establishing connections (membrane connect), and executing actions (membrane action run). These commands are standard for the intended functionality of the skill. - [DATA_EXFILTRATION]: No malicious data exfiltration patterns were detected. The skill explicitly advises against asking users for secrets or API keys, instead utilizing the platform's connection management to handle authentication securely.
- [REMOTE_CODE_EXECUTION]: While the skill mentions that 'Membrane will build [actions] automatically' via
membrane action create, this code generation occurs on the vendor's remote platform and is triggered by specific user/agent intent, rather than executing arbitrary remote scripts locally.
Audit Metadata