mozilla-observatory
Pass
Audited by Gen Agent Trust Hub on Apr 23, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill guides the user to install the
@membranehq/clipackage from the npm registry. This is the official command-line interface provided by the vendor (membranedev) for interacting with their infrastructure. - [COMMAND_EXECUTION]: The instructions involve executing various subcommands of the
membraneCLI, such aslogin,connect, andaction run. These are standard operational commands for the intended functionality of the skill. - [DATA_EXFILTRATION]: The skill promotes secure credential management by using the Membrane platform's native connection system. It explicitly advises against asking users for API keys or tokens, instead delegating authentication lifecycle management to the platform's server-side logic.
- [REMOTE_CODE_EXECUTION]: While the skill mentions
membrane action createwhich triggers the generation of new logic on the Membrane platform, this is a core feature of the managed service rather than an arbitrary or hidden remote execution vulnerability within the skill's own instructions.
Audit Metadata