Skills
skills/membranedev/application-skills/sms-magic/Gen Agent Trust Hub

sms-magic

Fail

Audited by Gen Agent Trust Hub on Apr 29, 2026

Risk Level: CRITICALEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill installs the @membranehq/cli package globally via NPM. This is a legitimate utility provided by the vendor (Membrane) to facilitate integration tasks.
  • [COMMAND_EXECUTION]: The skill utilizes several CLI commands (membrane login, membrane connect, membrane action) to interact with the SMS Magic and Membrane services. These commands are used for their intended administrative purposes.
  • [SAFE]: While external scanners flagged smsmagic.com and the SKILL.md file, these appear to be false positives. smsmagic.com is the official domain for the SMS Magic service, and the content of the skill file is consistent with standard API documentation and CLI usage for a legitimate messaging integration.
  • [SAFE]: Authentication is handled server-side by the Membrane platform, which follows best practices by ensuring no sensitive credentials or API keys are stored locally within the skill or processed in plain text by the agent.
Recommendations
  • CRITICAL: 1 infected file(s) detected - DO NOT USE
  • Contains 2 malicious URL(s) - DO NOT USE
Audit Metadata
Risk Level
CRITICAL
Analyzed
Apr 29, 2026, 06:50 PM
Security Audit — agent-trust-hub — sms-magic