bigbox
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill uses the official '@membranehq/cli' and the 'getmembrane.com' infrastructure, which are owned by the verified author. This centralized approach ensures that authentication and API requests are handled securely through a managed environment.
- [COMMAND_EXECUTION]: The skill provides standard setup and operational commands for the Membrane CLI, such as 'npm install' and 'membrane login'. These are typical for administrative tasks and do not represent an arbitrary or malicious execution threat.
- [EXTERNAL_DOWNLOADS]: Dependencies are fetched from the official NPM registry, and documentation links point to well-known or author-controlled domains, which are considered safe sources for the intended functionality.
- [SAFE]: Minor metadata inconsistencies (references to Best Buy and Home Depot within a BigBox skill) appear to be documentation or template errors rather than malicious deception intended to bypass security.
Audit Metadata