Scan Report
5 /100
onethread
Onethread integration for managing data, records, and automating workflows
A legitimate Onethread integration skill using the Membrane CLI platform. Well-documented with transparent behavior, OAuth-based auth flow, and no suspicious patterns.
Safe to install
Skill is safe to use. No security concerns identified.
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Shell | WRITE | WRITE | ✓ Aligned | SKILL.md:26 - npm install -g @membranehq/cli |
| Network | READ | READ | ✓ Aligned | SKILL.md:31 - membrane login, membrane connect |
| Filesystem | NONE | NONE | — | No file operations declared or observed |
2 findings
Medium External URL 外部 URL
https://getmembrane.com SKILL.md:7 Medium External URL 外部 URL
https://developers.onethread.com/ SKILL.md:19 File Tree
1 files · 4.3 KB · 123 lines Markdown 1f · 123L
└─
SKILL.md
Markdown
Security Positives
✓ Well-documented skill with clear purpose and behavior description
✓ Uses OAuth/browser-based authentication, no hardcoded credentials
✓ All API interactions go through Membrane's secure proxy infrastructure
✓ Credential lifecycle managed server-side by Membrane platform
✓ No credential harvesting or environment variable access
✓ No obfuscation, base64 encoding, or suspicious code patterns
✓ No access to sensitive paths (~/.ssh, ~/.aws, .env)
✓ Reputable vendor (Membrane HQ) with public GitHub repository
✓ Open source skill definition (MIT license)