hubstaff
Pass
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the
@membranehq/clipackage via npm. This is a verified vendor package from the organization that authored the skill and is required for the integration to function. - [COMMAND_EXECUTION]: The skill uses
membraneCLI commands to perform actions such asmembrane action runandmembrane request. These commands execute within the vendor's managed environment, providing a secure layer for API interaction. - [DATA_EXFILTRATION]: There is no evidence of unauthorized data transfer. The skill emphasizes using the
membrane connectflow for authentication, which keeps credential management server-side and prevents the exposure of raw API keys to the agent or user. - [SAFE]: The skill processes external data from Hubstaff but minimizes risks through platform-level controls.
- Ingestion points: Hubstaff API responses (e.g., task lists, activity logs) fetched via
membrane action runand referenced in SKILL.md. - Boundary markers: None explicitly present in the skill text.
- Capability inventory: The skill is limited to network requests via the Membrane platform; it does not request local file system access or the ability to execute arbitrary local code.
- Sanitization: Relies on the Membrane platform's internal handling of structured action parameters and proxy requests.
Audit Metadata