talkjs
Pass
Audited by Gen Agent Trust Hub on May 1, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill installs the official Membrane CLI tool from npm (
@membranehq/cli). This is a standard dependency provided by the vendor for interacting with their platform and is considered a safe vendor resource. - [COMMAND_EXECUTION]: Uses the local
membraneCLI to manage TalkJS connections and execute actions. These commands are legitimate and necessary for the skill's intended functionality of managing chat data. - [CREDENTIALS_UNSAFE]: The skill implements best practices for secret management by using Membrane's centralized authentication system. It specifically instructs the user not to provide API keys directly, instead relying on server-side token management.
- [DATA_EXFILTRATION]: No suspicious data transmission patterns were identified. All network operations are directed through the Membrane platform to the official TalkJS API as part of the expected integration workflow.
Audit Metadata