inedo-otter Security Report — Low Risk | ClawSafe

5 /100

inedo-otter

Inedo Otter integration for infrastructure automation and deployment management

Documentation-only skill for Inedo Otter integration using Membrane CLI as a secure authentication intermediary. No implementation code, no credential harvesting, and all network operations flow through the documented Membrane service.

Skill Nameinedo-otter

Duration20.9s

Enginepi

✓

Safe to install

This skill is safe to use. All operations use Membrane's CLI which handles authentication server-side. No additional security controls needed.

Findings 1 items

Severity	Finding	Location
Info	External URL references SKILL.md references external URLs (getmembrane.com, inedo.com) which is standard for integration documentation `https://getmembrane.com` → No action needed - external documentation links are expected for integration skills	`SKILL.md:7`

Resource	Declared	Inferred	Status	Evidence
Filesystem	`NONE`	`NONE`	—	No filesystem access declared or required
Network	`READ`	`READ`	✓ Aligned	Network access through Membrane CLI only
Shell	`WRITE`	`WRITE`	✓ Aligned	npm install and membrane CLI commands documented
Environment	`NONE`	`NONE`	—	No environment variable access

2 findings

🔗

Medium External URL 外部 URL

https://getmembrane.com

SKILL.md:7

🔗

Medium External URL 外部 URL

https://inedo.com/support/documentation/otter

SKILL.md:19

File Tree

1 files · 4.5 KB · 139 lines

Markdown 1f · 139L

└─ 📝 SKILL.md Markdown 139L · 4.5 KB

Security Positives

✓ Uses Membrane as a secure auth intermediary - credentials never stored locally

✓ No executable code - documentation only with no attack surface

✓ No credential harvesting or exfiltration patterns

✓ No suspicious patterns (base64, eval, reverse shell)

✓ Clear documentation of all CLI operations

✓ Follows best practices: discover actions before custom API calls

Scan Report

Findings 1 items

File Tree

Security Positives