signpath
Pass
Audited by Gen Agent Trust Hub on Apr 23, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the
@membranehq/clipackage globally via npm. This is the official CLI tool provided by the vendor (Membrane) and is a standard requirement for using their integration platform. - [COMMAND_EXECUTION]: The skill utilizes shell commands through the
membraneCLI to perform administrative tasks such as logging in, creating connections, and executing API actions. These commands are part of the intended functionality for interacting with the service. - [CREDENTIALS_UNSAFE]: The skill explicitly advises against asking users for API keys or tokens, instead recommending the use of Membrane's server-side connection management, which is a positive security practice.
- [DATA_EXFILTRATION]: No suspicious network activity was detected. API interactions are routed through a managed proxy that handles authentication headers securely.
Audit Metadata