Scan Report
5 /100
vivomeetings
Vivomeetings integration for video conferencing management
Vivomeetings integration skill using Membrane CLI - no malicious behavior detected, all capabilities declared in documentation.
Safe to install
This skill is safe to use. No action required.
Findings 1 items
| Severity | Finding | Location |
|---|---|---|
| Low | CLI version not pinned | SKILL.md:24 |
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Network | READ | READ | ✓ Aligned | SKILL.md:45 - membrane request through proxy |
| Shell | WRITE | WRITE | ✓ Aligned | SKILL.md:24 - npm install -g @membranehq/cli |
| Filesystem | NONE | NONE | — | No file operations found |
| Environment | NONE | NONE | — | No environment access found |
| Skill Invoke | NONE | NONE | — | No skill invocation found |
| Clipboard | NONE | NONE | — | No clipboard access found |
| Browser | NONE | NONE | — | No browser automation found |
| Database | NONE | NONE | — | No database access found |
2 findings
Medium External URL 外部 URL
https://getmembrane.com SKILL.md:7 Medium External URL 外部 URL
https://developers.vivomeetings.com/ SKILL.md:19 File Tree
1 files · 4.3 KB · 123 lines Markdown 1f · 123L
└─
SKILL.md
Markdown
Dependencies 1 items
| Package | Version | Source | Known Vulns | Notes |
|---|---|---|---|---|
@membranehq/cli | @latest | npm | No | Version not pinned - uses @latest |
Security Positives
✓ Credentials handled server-side by Membrane - no local secret storage
✓ All shell commands are documented and necessary for the integration
✓ No credential harvesting or exfiltration patterns detected
✓ No base64, eval, or obfuscated code found
✓ No hidden functionality - all behavior declared in SKILL.md
✓ Network access only through documented Membrane proxy
✓ No sensitive path access (~/.ssh, ~/.aws, .env)
✓ No curl|bash or wget|sh remote execution patterns