chartmogul
Pass
Audited by Gen Agent Trust Hub on Apr 24, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the
@membranehq/clipackage globally via npm. This is the official CLI tool provided by the vendor. - [COMMAND_EXECUTION]: The skill uses the
membranecommand-line tool to manage sessions, search for connectors, and execute API actions. These operations are within the expected scope of a service integration tool. - [DATA_EXFILTRATION]: While the skill can retrieve customer and subscription data from ChartMogul, these operations are the primary intent of the skill and are performed through a managed, authenticated proxy.
- [CREDENTIALS_UNSAFE]: The skill follows security best practices by using
membrane connectfor authentication, ensuring that no API keys or secrets are stored in plain text or hardcoded in the instructions.
Audit Metadata