upbooks
Pass
Audited by Gen Agent Trust Hub on Apr 21, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the Membrane CLI (
membrane) to perform all operations, such as logging in, connecting to services, and executing API actions. This is a controlled execution environment that centralizes authentication logic. - [EXTERNAL_DOWNLOADS]: The instructions guide the user to install the
@membranehq/clipackage from the official npm registry. This package is maintained by the skill's vendor and is used to provide the necessary tooling for the integration. - [DATA_EXFILTRATION]: Analysis of the network operations shows that data is only sent to the UpBooks API and the Membrane platform. No unauthorized data exfiltration or credential harvesting patterns were identified.
- [CREDENTIALS_UNSAFE]: The skill correctly avoids hardcoding API keys or tokens. Instead, it uses a connection-based model where credentials are managed server-side by the Membrane platform, reducing the risk of local credential exposure.
Audit Metadata