clerkio
Pass
Audited by Gen Agent Trust Hub on Apr 21, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the
@membranehq/clipackage from NPM. This is a vendor-owned command-line tool used to manage the integration and does not introduce third-party risks. - [COMMAND_EXECUTION]: The skill uses the
membraneCLI to perform various operations such as searching for connectors, managing connections, and running actions. These commands are part of the intended functionality for interacting with the Clerk.io ecommerce platform. - [DATA_EXFILTRATION]: No evidence of unauthorized data exfiltration was found. The skill explicitly advises against asking for or storing API keys locally, instead using a server-side connection model which is a recommended security practice.
- [PROMPT_INJECTION]: The skill contains no instructions designed to bypass agent safety filters or override system prompts.
- [REMOTE_CODE_EXECUTION]: There are no patterns suggesting the execution of untrusted remote code. All operations are mediated through the official vendor CLI.
Audit Metadata