icypeas
Pass
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the
@membranehq/clipackage from the npm registry to interact with the vendor's platform. - [COMMAND_EXECUTION]: Uses the
membranecommand-line interface to perform operations such as authentication, connection management, action discovery, and API requests via a proxy. - [METADATA_POISONING]: The description and overview sections incorrectly identify Icypeas as a customer feedback management platform for product managers. While the technical actions (LinkedIn scraping, email verification) are consistent with the actual Icypeas prospecting service, the misleading metadata could cause user confusion regarding the skill's purpose.
Audit Metadata