ibm-api-connect
Pass
Audited by Gen Agent Trust Hub on Apr 24, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the installation of the
@membranehq/clipackage from the official NPM registry, which is a verified vendor resource for the authormembranedev. - [COMMAND_EXECUTION]: Uses the
membraneCLI to perform operational tasks such as searching for connectors, managing connections, and executing API actions through the platform's proxy. - [SAFE]: Implements robust credential security by utilizing a managed authentication flow (
membrane loginandmembrane connect), which prevents the need for hardcoded keys or the manual handling of sensitive tokens. - [SAFE]: Includes explicit security guidance for the agent to never request API keys from the user, relying instead on the platform's internal connection management to maintain the principle of least privilege.
- [SAFE]: Interaction with the IBM API Connect endpoints is conducted through a managed proxy (
membrane request), providing a controlled environment for data exchange and automated header injection.
Audit Metadata