tapfiliate
Pass
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill utilizes the
@membranehq/clitool, which is the official command-line interface provided by the vendor (membranedev). The installation of this package from npm is a standard procedure for using the platform. - [SAFE]: Managed authentication is used via
membrane connect. This prevents the need for manual handling of sensitive credentials like API keys or tokens within the agent environment, adhering to security best practices. - [SAFE]: Command execution is limited to the
membraneCLI for managing Tapfiliate data (e.g., listing actions, running actions). These operations are consistent with the skill's stated purpose of interacting with Tapfiliate services. - [SAFE]: While the skill processes external data from Tapfiliate, there is no evidence of malicious intent or obfuscated commands. The dynamic creation of actions is a core feature of the vendor's platform for automating API integrations.
Audit Metadata