1password
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill suggests installing the @membranehq/cli package globally via npm. This is an official tool provided by the vendor (membranedev) and is necessary for the skill's functionality.
- [COMMAND_EXECUTION]: The skill uses various membrane CLI commands to perform tasks such as authentication (membrane login), connecting to 1Password (membrane connect), and executing actions (membrane action run). These are standard operational procedures for the tool.
- [CREDENTIALS_UNSAFE]: The skill demonstrates high security awareness by explicitly instructing the agent to let the platform handle credentials server-side rather than asking the user for API keys or tokens.
- [SAFE]: No malicious patterns, obfuscation, or unauthorized data exfiltration attempts were detected. The skill's behavior aligns perfectly with its stated purpose of providing a 1Password management interface.
Audit Metadata