truework
Pass
Audited by Gen Agent Trust Hub on Apr 21, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill utilizes the
@membranehq/cliNode.js package, which is an official tool provided by the vendor. This is used for managing connections and executing actions within the Membrane ecosystem. - [SAFE]: Authentication is handled through a secure login flow (
membrane login) that uses browser-based authentication or a controlled headless flow, preventing the need for the agent to handle or store raw API keys. - [SAFE]: The instructions explicitly promote secure practices, such as letting the platform manage credentials and using pre-built actions that include built-in error handling and pagination.
- [SAFE]: API requests are routed through a managed proxy (
membrane request), which automatically handles header injection and token refreshing, reducing the risk of credential exposure.
Audit Metadata