42crunch
Pass
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill installs the
@membranehq/clipackage globally via npm. This is a vendor-provided tool necessary for the skill's operations. - [COMMAND_EXECUTION]: The skill makes extensive use of the
membraneCLI to manage integrations, list connections, and execute API actions. These commands are part of the core functionality for interacting with the 42Crunch platform. - [DATA_EXFILTRATION]: No evidence of unauthorized data exfiltration was found. The instructions explicitly advise against requesting or storing user credentials, instead using Membrane's secure connection management.
- [REMOTE_CODE_EXECUTION]: While the skill can 'create' actions based on natural language descriptions via
membrane action create, this code generation and execution occur within the controlled environment of the Membrane platform rather than through local unsafe execution patterns likeevalorexecon untrusted input.
Audit Metadata