threat-stack
Pass
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to install and use the
@membranehq/clitool. This is a vendor-provided tool used to manage integrations and execute actions. - [EXTERNAL_DOWNLOADS]: The skill references the installation of the
@membranehq/clipackage from the official NPM registry, which is a standard procedure for this vendor's tools. - [CREDENTIALS_UNSAFE]: The skill follows secure practices by using
membrane connectfor authentication, which manages tokens server-side rather than requiring the user to provide or store raw API keys locally.
Audit Metadata