xebialabs
Pass
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the
@membranehq/clipackage from NPM. This is a legitimate tool provided by the author (membranedev) to facilitate secure authentication and API interactions. - [COMMAND_EXECUTION]: The skill uses several shell commands (e.g.,
membrane login,membrane connect,membrane action run). These are standard operational commands for the documented CLI tool and do not involve suspicious behavior or privilege escalation. - [CREDENTIALS_UNSAFE]: The skill explicitly advises against manual secret handling, stating that Membrane manages the authentication lifecycle server-side. This reduces the risk of credential exposure compared to traditional methods of asking for API keys.
Audit Metadata