Scan Report
10 /100
chift
Chift integration. Manage data, records, and automate workflows. Use when the user wants to interact with Chift data.
This is a documentation-only skill that guides users to install and use a legitimate third-party CLI (Membrane) for Chift integration, with all behavior declared in SKILL.md.
Safe to install
This skill is safe to use. The only action is installing a documented npm CLI tool, which is standard practice. No additional precautions needed beyond standard npm package installation practices.
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Filesystem | NONE | NONE | — | SKILL.md only - no file operations |
| Network | NONE | NONE | — | Delegated to Membrane CLI which handles all network calls |
| Shell | NONE | NONE | — | CLI installation commands are documented and standard |
| Environment | NONE | NONE | — | No environment variable access |
| Skill Invoke | NONE | NONE | — | No sub-skill invocation |
| Clipboard | NONE | NONE | — | No clipboard access |
| Browser | NONE | NONE | — | Browser auth handled by Membrane CLI |
| Database | NONE | NONE | — | No database access |
2 findings
Medium External URL 外部 URL
https://getmembrane.com SKILL.md:7 Medium External URL 外部 URL
https://docs.chift.eu/ SKILL.md:19 File Tree
1 files · 4.3 KB · 125 lines Markdown 1f · 125L
└─
SKILL.md
Markdown
Security Positives
✓ Documentation-only skill with no executable code
✓ All commands and behaviors fully declared in SKILL.md
✓ Delegates credential management to a well-defined external CLI (Membrane)
✓ No sensitive file paths accessed (no ~/.ssh, ~/.aws, .env access)
✓ No base64 encoding, eval patterns, or obfuscation
✓ No credential harvesting or data exfiltration indicators
✓ Standard npm package installation from official @membranehq/cli registry
✓ Uses official Chift documentation links
✓ No hidden functionality or shadow behavior