中文 EN

Scan Report

Scan New Files

Trusted — Risk Score 5/100
Last scan:23 hr ago Rescan
5 /100
sidekick-ai
Sidekick AI integration via Membrane CLI — manage data, records, and automate workflows.
This skill is pure documentation with no embedded code. All behavior is declared in SKILL.md — it installs a legitimate npm CLI package and uses it to interact with a third-party API proxy service (Membrane), with no hidden functionality, credential theft, or exfiltration.
Skill Namesidekick-ai
Duration25.5s
Enginepi
Safe to install
No immediate action required. If npm global package installation is a concern, consider whether the skill should instead document a local npm install with version pinning.

Findings 1 items

Severity Finding Location
Low
Global npm package install without pinned version Supply Chain
The skill documents `npm install -g @membranehq/cli` without pinning to a specific version (e.g., @1.0.0). This allows a new malicious version to be installed silently. The skill does use `@latest` in action examples, which is acceptable for one-off npx calls but inconsistent with the global install guidance.
npm install -g @membranehq/cli
→ Pin the CLI version in the install command, e.g., `npm install -g @membranehq/[email protected]`, and align the npx examples to match. Periodically review the package for unexpected behavior.
 SKILL.md:27
ResourceDeclaredInferredStatusEvidence
Network READ READ ✓ Aligned SKILL.md documents membrane CLI calls to Membrane and Sidekick AI APIs
Shell WRITE WRITE ✓ Aligned SKILL.md documents npm install and membrane CLI shell commands
2 findings
🔗
Medium External URL 外部 URL
https://getmembrane.com
SKILL.md:7
🔗
Medium External URL 外部 URL
https://www.sidekickai.com/docs
SKILL.md:19

File Tree

1 files · 4.4 KB · 126 lines
Markdown 1f · 126L
└─ 📝 SKILL.md Markdown 126L · 4.4 KB

Dependencies 1 items

PackageVersionSourceKnown VulnsNotes
@membranehq/cli latest (unpinned) npm No Globally installed without version pinning; only used as a CLI wrapper

Security Positives

✓ All behavior is documented in SKILL.md — no hidden code or shadow functionality
✓ No credential harvesting or environment variable exfiltration
✓ No obfuscated code, base64 payloads, or anti-analysis patterns
✓ No sensitive file path access (~/.ssh, ~/.aws, .env, etc.)
✓ No scripts or code files present — purely a documentation-only skill
✓ Membrane handles authentication server-side, avoiding local credential storage
✓ No C2 communication, reverse shell, or remote execution beyond documented API calls
✓ Skill metadata (author, version, license, repository) is clearly declared