clay
Pass
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill uses the official Membrane CLI (
@membranehq/cli) for all operations. This is a vendor-provided tool that handles authentication securely via OAuth flows. - [EXTERNAL_DOWNLOADS]: Installs the
@membranehq/clipackage via npm. This is a standard dependency for skills interacting with the Membrane platform and originates from the vendor's official package registry. - [CREDENTIALS_UNSAFE]: The skill explicitly instructs against hardcoding API keys or tokens. It uses a delegated connection model (
membrane connect) where secrets are managed server-side by the platform, minimizing the risk of local credential exposure. - [COMMAND_EXECUTION]: Shell commands are restricted to the
membraneCLI for action discovery, execution, and proxy requests, which is the intended and documented purpose of the skill.
Audit Metadata