streamtime
Pass
Audited by Gen Agent Trust Hub on Jun 19, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the Membrane CLI (
npx @membranehq/cli@latest) to perform various operations including authentication, connection management, and API requests. These commands are necessary for the skill's primary function and are documented as standard procedure for the vendor's ecosystem. - [EXTERNAL_DOWNLOADS]: The instructions rely on
npxto fetch and execute the latest version of the@membranehq/clipackage from the official NPM registry. This is a common pattern for developer-oriented tools and originates from a legitimate package scope associated with the service provider. - [SAFE]: The skill explicitly instructs against asking users for secrets, instead using a local configuration file (
~/.membrane/credentials.json) for session persistence. This is a standard and safe practice for CLI-based authentication. No malicious patterns such as prompt injection, data exfiltration, or obfuscation were detected.
Audit Metadata