till-payments
Pass
Audited by Gen Agent Trust Hub on May 9, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONREMOTE_CODE_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the installation of the official
@membranehq/clipackage from the npm registry. This is a standard procedure for using the Membrane platform and originates from a verified vendor associated with the skill author. - [COMMAND_EXECUTION]: Provides templates for executing shell commands using the
membraneCLI. These commands are used for legitimate workflows such as tenant login, connection management, and action discovery. - [REMOTE_CODE_EXECUTION]: Uses the Membrane platform to dynamically discover and run actions. While this involves executing logic remotely, it is performed through a controlled API and authenticated CLI, which is the intended and secure primary purpose of the skill.
- [CREDENTIALS_UNSAFE]: The skill follows security best practices by explicitly instructing the agent to never ask for API keys or tokens, relying instead on Membrane's server-side credential management.
Audit Metadata