shoprocket
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill recommends installing the
@membranehq/clipackage from npm. This is the official command-line tool for the Membrane platform, which acts as the intermediary for Shoprocket interactions. As a vendor-owned resource, this download is considered part of the expected functionality. - [COMMAND_EXECUTION]: Provides instructions for using the
membraneCLI to perform tasks such as authentication, connection management, and running Shoprocket actions. These operations are restricted to the vendor's toolset and are necessary for the skill's primary function. - [CREDENTIALS_UNSAFE]: The skill explicitly advises against asking users for API keys or tokens, instead utilizing Membrane's server-side connection management to handle authentication securely and minimize the risk of credential exposure.
Audit Metadata