shippo
Pass
Audited by Gen Agent Trust Hub on Apr 28, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the
@membranehq/clipackage from the NPM registry. This is the official command-line tool for the Membrane platform and is a vendor-owned resource necessary for the skill's operation. - [COMMAND_EXECUTION]: The skill utilizes the
membraneCLI to perform several operations including user authentication, service connection, and the execution of Shippo-related actions. These commands are standard for the integration and are documented as part of the platform's normal usage. - [DATA_EXFILTRATION]: The skill accesses and processes data from the Shippo API, such as shipping labels, tracking information, and addresses. This data is retrieved via the Membrane service and presented to the agent, which is the primary purpose of the integration.
- [COMMAND_EXECUTION]: The skill uses the
membrane action createcommand to generate new integration logic on the Membrane platform based on natural language descriptions. This behavior is a feature of the underlying service and does not involve local dynamic execution of untrusted code.
Audit Metadata