vapi

Pass

Audited by Gen Agent Trust Hub on May 2, 2026

Risk Level: SAFE
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill guides the installation of the @membranehq/cli package from the official npm registry. This is a vendor-provided tool necessary for the skill's operation and is considered a safe dependency.- [COMMAND_EXECUTION]: The skill uses the membrane CLI for operations such as logging in, connecting to services, and running actions. These commands are the standard method for interacting with the Membrane platform.- [REMOTE_CODE_EXECUTION]: Through the membrane action create and membrane action run commands, the skill can define and execute automation logic. These operations take place within the managed environment of the Membrane platform.- [CREDENTIALS_UNSAFE]: This skill implements secure authentication practices by utilizing the platform's connection management system. It specifically avoids the use of hardcoded secrets or local storage of sensitive API keys, delegating credential handling to the vendor's service.
Audit Metadata
Risk Level
SAFE
Analyzed
May 2, 2026, 11:21 PM
Security Audit — agent-trust-hub — vapi