chift
Pass
Audited by Gen Agent Trust Hub on Apr 2, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: Recommends the installation of the
@membranehq/clipackage from the NPM registry, which is an official tool provided by the vendor to interact with their integration platform. - [COMMAND_EXECUTION]: Instructions involve using the
membraneCLI to perform legitimate integration tasks such as searching for connectors, listing connections, and executing API actions. - [CREDENTIALS_UNSAFE]: Demonstrates good security posture by explicitly advising against asking for user API keys and instead utilizing the platform's built-in connection management system to handle the authentication lifecycle.
- [DATA_EXFILTRATION]: Uses a proxied request mechanism (
membrane request) that routes traffic through the vendor's infrastructure, which is the intended design for secure credential injection and does not represent an exfiltration risk in this context.
Audit Metadata