pay-with-bolt
Pass
Audited by Gen Agent Trust Hub on Apr 23, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill installs the @membranehq/cli tool from the official npm registry, which is an expected vendor resource.
- [COMMAND_EXECUTION]: The skill uses local CLI commands to manage API connections and execute platform-specific actions.
- [DATA_EXFILTRATION]: The skill communicates with external APIs via the Membrane proxy service as part of its primary integration function.
- [SAFE]: No malicious obfuscation, persistence, or privilege escalation patterns were found. The skill correctly directs users to managed authentication rather than requiring local secret storage.
Audit Metadata