Scan Report
5 /100
vtex
VTEX integration for managing data, records, and workflow automation
Clean VTEX integration skill that uses the Membrane CLI with fully documented, legitimate behavior and no hidden functionality.
Safe to install
No action required. The skill is safe to use as documented.
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Network | READ | READ | ✓ Aligned | SKILL.md:40-52 - membrane request command for API calls |
| Shell | WRITE | WRITE | ✓ Aligned | SKILL.md:27 - npm install -g @membranehq/cli |
| Filesystem | NONE | NONE | — | No file operations beyond CLI installation |
2 findings
Medium External URL 外部 URL
https://getmembrane.com SKILL.md:7 Medium External URL 外部 URL
https://developers.vtex.com/ SKILL.md:19 File Tree
1 files · 4.3 KB · 125 lines Markdown 1f · 125L
└─
SKILL.md
Markdown
Security Positives
✓ No hidden functionality - all operations are documented in SKILL.md
✓ No credential storage or harvesting - Membrane handles auth server-side
✓ No base64, eval, or obfuscated code patterns
✓ No curl|bash or wget|sh remote script execution
✓ No sensitive path access (~/.ssh, ~/.aws, .env)
✓ Uses version-pinned CLI installation via npm
✓ Standard npm install for CLI tool - legitimate behavior
✓ No external data exfiltration detected
✓ Clear documentation of all capabilities and behaviors