respondio
Pass
Audited by Gen Agent Trust Hub on Apr 30, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the
@membranehq/clipackage from npm. This is the official command-line interface provided by the vendor (Membrane) and is a recognized, safe resource within the project's ecosystem. - [COMMAND_EXECUTION]: The skill utilizes the
membraneCLI to perform platform-specific tasks such aslogin,connect, andaction run. These commands are standard for the integration and are restricted to the authenticated user's environment. - [CREDENTIALS_UNSAFE]: Secure credential management is implemented by using Membrane's connection system. The instructions explicitly advise against requesting or storing raw API keys, opting for a server-side authentication lifecycle instead.
- [REMOTE_CODE_EXECUTION]: The skill uses
npx @membranehq/clifor dynamic action discovery. Since this targets the official, versioned package of the platform vendor, it is considered a legitimate and safe use of remote package execution for tool discovery.
Audit Metadata