streamtime

Pass

Audited by Gen Agent Trust Hub on Jun 19, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the Membrane CLI (npx @membranehq/cli@latest) to perform various operations including authentication, connection management, and API requests. These commands are necessary for the skill's primary function and are documented as standard procedure for the vendor's ecosystem.
  • [EXTERNAL_DOWNLOADS]: The instructions rely on npx to fetch and execute the latest version of the @membranehq/cli package from the official NPM registry. This is a common pattern for developer-oriented tools and originates from a legitimate package scope associated with the service provider.
  • [SAFE]: The skill explicitly instructs against asking users for secrets, instead using a local configuration file (~/.membrane/credentials.json) for session persistence. This is a standard and safe practice for CLI-based authentication. No malicious patterns such as prompt injection, data exfiltration, or obfuscation were detected.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 19, 2026, 10:47 PM
Security Audit — agent-trust-hub — streamtime