tonic
Pass
Audited by Gen Agent Trust Hub on May 6, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill installs the official Membrane CLI (@membranehq/cli) from the public npm registry. This is a standard and expected dependency for the intended functionality of the integration.
- [COMMAND_EXECUTION]: Instructs the agent to use the membrane CLI for managing connections and running actions on the Tonic platform. These commands are scoped to the legitimate operation of the tool and occur within the vendor's ecosystem.
- [DATA_EXFILTRATION]: Authentication is handled via the CLI's login flow, which avoids the need for hardcoded credentials or direct access to sensitive local files like SSH keys or AWS configs.
Audit Metadata