Scan Report
0 /100
lightspeed-ecom
Lightspeed eCom integration. Manage data, records, and automate workflows.
This is a legitimate Lightspeed eCommerce integration skill that uses the Membrane CLI for API operations. All behavior is accurately documented with no hidden functionality or security concerns.
Safe to install
This skill is safe to use. The Membrane CLI approach is a secure pattern that handles credentials server-side without local secrets.
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Shell | WRITE | WRITE | ✓ Aligned | SKILL.md lines 32-35: npm install, membrane login/run commands |
| Filesystem | READ | READ | ✓ Aligned | SKILL.md: Documentation content only |
| Network | READ | READ | ✓ Aligned | SKILL.md lines 62-90: membrane request proxies to Lightspeed API |
2 findings
Medium External URL 外部 URL
https://getmembrane.com SKILL.md:7 Medium External URL 外部 URL
https://developers.lightspeedhq.com/ecom/ SKILL.md:19 File Tree
1 files · 4.5 KB · 135 lines Markdown 1f · 135L
└─
SKILL.md
Markdown
Security Positives
✓ All behavior accurately declared in SKILL.md
✓ No credential harvesting - Membrane handles auth server-side
✓ No base64/encoded payloads or obfuscation
✓ No sensitive file path access (~/.ssh, ~/.aws, .env)
✓ No curl|bash or wget|sh remote script execution
✓ No data exfiltration or C2 communication
✓ CLI tool usage is documented and necessary for the integration
✓ Legitimate e-commerce platform APIs (Lightspeed, Membrane) - both are real companies
✓ Browser-based OAuth authentication, no password prompts