datananas
Pass
Audited by Gen Agent Trust Hub on Apr 23, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the Membrane CLI via npm (
@membranehq/cli). This is a legitimate package provided by the vendor (Membrane) for the purpose of the skill. - [COMMAND_EXECUTION]: The skill utilizes the
membranecommand-line tool to perform actions like authentication, searching for connectors, and running API requests. These commands are restricted to the intended functionality of the integration. - [DATA_EXFILTRATION]: While the skill performs network operations to Datananas and Membrane servers, these are authorized API calls required for the skill's primary purpose. No evidence of unauthorized data exfiltration or access to sensitive local files was found.
- [CREDENTIALS_UNSAFE]: The skill explicitly advises against asking for API keys or tokens, instead utilizing Membrane's built-in connection system to handle authentication server-side, which is a positive security practice.
Audit Metadata