tonic
Pass
Audited by Gen Agent Trust Hub on Apr 21, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the Membrane CLI from the official NPM registry (@membranehq/cli). This is a well-known service and the package is associated with the skill's vendor (membranedev).
- [COMMAND_EXECUTION]: The skill provides standard command-line instructions for using the Membrane CLI (e.g.,
membrane login,membrane connect,membrane action run). These commands are used for their intended purpose of managing API integrations and do not exhibit malicious patterns like privilege escalation or persistence. - [DATA_EXFILTRATION]: No evidence of unauthorized data access or exfiltration. The skill explicitly advises against handling raw credentials and instead relies on the Membrane platform to manage authentication securely.
- [CREDENTIALS_UNSAFE]: The skill follows security best practices by using an OAuth-like flow through the
membrane logincommand and avoiding the use of hardcoded API keys or prompts for user secrets.
Audit Metadata