tinfoil-security
Pass
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the official Membrane CLI tool (
@membranehq/cli) from the public NPM registry. This package is maintained by the skill's author and is a standard requirement for using the platform. - [COMMAND_EXECUTION]: The skill uses the
membranecommand-line utility to interact with the Tinfoil Security API. These commands are used for authenticated actions such as searching for connectors, listing connections, and executing security scans. - [CREDENTIALS_UNSAFE]: The skill follows security best practices by specifically instructing users NOT to handle API keys or tokens directly. Instead, it utilizes Membrane's managed connection system to handle the OAuth lifecycle server-side.
- [DATA_EXFILTRATION]: No patterns of unauthorized data exfiltration were detected. Network operations are directed through the vendor's proxy which handles authentication and request routing to the official Tinfoil Security API.
Audit Metadata