smooch
Pass
Audited by Gen Agent Trust Hub on May 6, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the
@membranehq/clipackage from the NPM registry. This is a vendor-owned resource necessary for the skill's primary functionality. - [COMMAND_EXECUTION]: The skill uses the
membraneCLI for several operations: membrane login: Authenticates the user and manages session tokens.membrane connect: Establishes a connection to the Smooch service.membrane action run: Executes specific business logic or API calls on the Smooch platform.- [REMOTE_CODE_EXECUTION]: The
membrane action createcommand allows for the dynamic generation of actions based on natural language descriptions. This code generation and subsequent execution are performed within the managed Membrane environment as part of its core service offering. - [DATA_EXFILTRATION]: The skill follows security best practices by explicitly advising against asking for or storing raw API keys, instead relying on Membrane's server-side connection management.
Audit Metadata