中文 EN

Scan Report

Scan New Files

Low Risk — Risk Score 20/100
Last scan:17 hr ago Rescan
20 /100
salesmsg
Salesmsg integration using Membrane CLI to manage Persons, Organizations, Conversations, Users, Numbers, Templates and more.
Salesmsg integration skill that delegates to the Membrane CLI; no malicious behavior detected, but npm package versions are unpinned creating supply chain exposure.
Skill Namesalesmsg
Duration36.9s
Enginepi
Safe to install
Pin CLI versions (e.g., @membranehq/[email protected]) to prevent unexpected changes. Prefer pre-built Membrane actions over raw API proxy requests for better auditability.

Findings 3 items

Severity Finding Location
Low
Unpinned npm global installation Supply Chain
SKILL.md instructs 'npm install -g @membranehq/cli' without a version pin, fetching whatever version is currently latest. This allows the upstream package to change behavior silently.
npm install -g @membranehq/cli
→ Pin to a specific version: npm install -g @membranehq/[email protected]
 SKILL.md:28
Low
npx uses @latest without version pinning Supply Chain
The documentation recommends 'npx @membranehq/cli@latest action list' which always fetches the latest release, bypassing any version lock.
npx @membranehq/cli@latest action list --intent=QUERY
→ Use a pinned version in all npx invocations to ensure reproducible behavior.
 SKILL.md:77
Info
Credential handling is opaque Doc Mismatch
The skill delegates authentication entirely to the Membrane CLI, which handles tokens server-side. Users cannot audit or inspect credential storage. This is a known trade-off of the abstraction, not a hidden flaw.
Membrane handles authentication and credentials refresh automatically
→ Users should trust the Membrane platform (verified MIT license, public repo). For higher assurance, prefer skills that expose credential handling.
 SKILL.md:22
ResourceDeclaredInferredStatusEvidence
Filesystem NONE NONE No direct file reads/writes; npm install writes to global node_modules (implicit…
Network READ READ ✓ Aligned membrane request makes outbound API calls through Membrane proxy
Shell WRITE WRITE ✓ Aligned npm install, membrane login, membrane action run commands declared in SKILL.md l…
Environment NONE NONE Membrane handles auth server-side; no direct env access observed
Skill Invoke NONE NONE No nested skill invocation declared
Clipboard NONE NONE No clipboard access observed
Browser NONE NONE Browser used for OAuth flow only (membrane login); no headless browser usage
Database NONE NONE No direct database access
2 findings
🔗
Medium External URL 外部 URL
https://getmembrane.com
SKILL.md:7
🔗
Medium External URL 外部 URL
https://developers.salesmsg.com/
SKILL.md:19

File Tree

1 files · 4.5 KB · 135 lines
Markdown 1f · 135L
└─ 📝 SKILL.md Markdown 135L · 4.5 KB

Dependencies 1 items

PackageVersionSourceKnown VulnsNotes
@membranehq/cli latest (unpinned) npm No Version not pinned; fetches latest on install

Security Positives

✓ No direct code execution of obfuscated payloads (base64, eval, etc.)
✓ No access to sensitive paths (~/.ssh, ~/.aws, .env)
✓ No data exfiltration or C2 communication observed
✓ No credential harvesting — Membrane manages auth server-side
✓ MIT license, public GitHub repository — auditable
✓ Reputable domain (getmembrane.com, developers.salesmsg.com)
✓ All shell commands are explicitly declared in SKILL.md
✓ No reverse shell, persistence mechanisms, or cron/scheduled task creation