Scan Report
5 /100
sedna
SEDNA integration for maritime shipping collaboration platform
Documentation-only skill with no executable code; all declared capabilities (shell, network) are appropriately scoped and documented.
Safe to install
No action needed. The skill is a simple SKILL.md file with no malicious functionality.
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Shell | WRITE | WRITE | ✓ Aligned | SKILL.md:32 - npm install -g @membranehq/cli; SKILL.md:38 - membrane login |
| Network | READ | READ | ✓ Aligned | SKILL.md:7 - compatibility states 'Requires network access' |
| Filesystem | NONE | NONE | — | No file operations mentioned in SKILL.md |
2 findings
Medium External URL 外部 URL
https://getmembrane.com SKILL.md:7 Medium External URL 外部 URL
https://docs.sedna.io/ SKILL.md:19 File Tree
1 files · 4.3 KB · 124 lines Markdown 1f · 124L
└─
SKILL.md
Markdown
Dependencies 1 items
| Package | Version | Source | Known Vulns | Notes |
|---|---|---|---|---|
@membranehq/cli | latest | npm | No | Official Membrane CLI; version pinned to latest in documentation |
Security Positives
✓ No executable code present - skill is documentation-only
✓ Network access declared in compatibility section
✓ Shell commands are standard CLI operations (npm install, membrane CLI)
✓ No credential harvesting or sensitive data access
✓ Uses official Membrane SDK for all API interactions
✓ Credential management handled server-side by Membrane (no local secrets)
✓ No base64, eval, or obfuscated code patterns