Scan Report
5 /100
basiq
Basiq integration for managing financial data and automating workflows via Membrane CLI
Basiq integration skill that uses the documented Membrane CLI for financial data operations. All behavior is declared in SKILL.md with no hidden functionality, credential harvesting, or suspicious patterns.
Safe to install
Skill is safe to use. Monitor npm package versions for the Membrane CLI to ensure supply chain integrity.
Findings 1 items
| Severity | Finding | Location |
|---|---|---|
| Low | Unpinned npm package version Supply Chain | SKILL.md:30 |
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Network | READ | READ | ✓ Aligned | SKILL.md: Communicates with Basiq API and Membrane proxy |
| Shell | WRITE | WRITE | ✓ Aligned | SKILL.md: npm install -g, membrane CLI commands |
| Filesystem | NONE | NONE | — | No filesystem operations detected |
| Environment | NONE | NONE | — | No environment variable access detected |
2 findings
Medium External URL 外部 URL
https://getmembrane.com SKILL.md:7 Medium External URL 外部 URL
https://basiq.io/documentation/ SKILL.md:19 File Tree
1 files · 4.3 KB · 123 lines Markdown 1f · 123L
└─
SKILL.md
Markdown
Dependencies 1 items
| Package | Version | Source | Known Vulns | Notes |
|---|---|---|---|---|
@membranehq/cli | latest | npm | No | Version not pinned - recommend pinning to specific version |
Security Positives
✓ All shell commands are explicitly documented in SKILL.md
✓ No credential harvesting - uses Membrane's OAuth flow for authentication
✓ No sensitive file/path access (no ~/.ssh, ~/.aws, .env access)
✓ No base64 encoding, obfuscation, or anti-analysis patterns
✓ No hidden HTML comments or injected instructions
✓ Network requests are routed through Membrane's documented proxy
✓ No data exfiltration patterns observed
✓ Simple, straightforward integration logic