sessions

Pass

Audited by Gen Agent Trust Hub on Jun 19, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the @membranehq/cli via npx to perform operations like logging in, searching for connectors, and executing API actions. These commands are standard for the vendor's platform and do not involve unauthorized privilege escalation or persistence.
  • [EXTERNAL_DOWNLOADS]: The skill instructs the agent to use npx @membranehq/cli@latest, which fetches the latest version of the Membrane CLI from the NPM registry. This is an expected behavior for a skill designed to work with the Membrane ecosystem.
  • [DATA_EXFILTRATION]: While the skill mentions the storage of credentials in ~/.membrane/credentials.json, this is described in the context of standard local configuration for the CLI tool. No patterns were detected indicating that these credentials or other sensitive data are sent to unauthorized external domains.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 19, 2026, 10:47 PM
Security Audit — agent-trust-hub — sessions