affinda
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the
@membranehq/clipackage from the NPM registry. This is a vendor-owned package used to interact with the Membrane platform and handle integration logic. - [COMMAND_EXECUTION]: The skill utilizes several CLI commands (e.g.,
membrane login,membrane connect,membrane action run) to manage connections and execute API actions. These are standard operations for the platform and do not involve arbitrary or malicious command injection. - [DATA_EXFILTRATION]: No evidence of unauthorized data transmission was found. The skill uses a proxy mechanism through the Membrane CLI which handles authentication headers and credential refreshes securely on the server side.
- [CREDENTIALS_UNSAFE]: The skill follows security best practices by not hardcoding any API keys or secrets. It explicitly instructs users to let the platform handle the full authentication lifecycle server-side.
Audit Metadata