Scan Report
15 /100
paygreen
PayGreen integration for payment processing with Membrane CLI
PayGreen integration skill using Membrane CLI with transparent documentation; no hidden malicious behavior detected.
Safe to install
Skill appears safe. Consider pinning the CLI version in production for reproducibility.
Findings 1 items
| Severity | Finding | Location |
|---|---|---|
| Low | CLI package version not pinned | SKILL.md:25 |
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Filesystem | NONE | NONE | — | No file operations found; SKILL.md is documentation only |
| Network | READ | READ | ✓ Aligned | SKILL.md:1 - External URLs (getmembrane.com, developers.paygreen.fr) and API pro… |
| Shell | WRITE | WRITE | ✓ Aligned | SKILL.md:25 - npm install -g @membranehq/cli is explicitly documented |
| Browser | READ | READ | ✓ Aligned | SKILL.md:31 - Browser-based OAuth authentication flow is documented |
2 findings
Medium External URL 外部 URL
https://getmembrane.com SKILL.md:7 Medium External URL 外部 URL
https://developers.paygreen.fr/ SKILL.md:19 File Tree
1 files · 4.2 KB · 121 lines Markdown 1f · 121L
└─
SKILL.md
Markdown
Dependencies 1 items
| Package | Version | Source | Known Vulns | Notes |
|---|---|---|---|---|
@membranehq/cli | unpinned | npm | No | No version specified; installs whatever is latest in registry |
Security Positives
✓ All network access is declared in documentation
✓ Credential handling is explicitly managed by Membrane (no local secrets stored)
✓ No hidden subprocess execution or eval patterns
✓ No access to sensitive paths (~/.ssh, ~/.aws, .env)
✓ No base64 encoded payloads or obfuscated code
✓ No credential harvesting or data exfiltration
✓ OAuth flow uses standard browser-based authentication
✓ Skill is open source with clear MIT license