Scan Report
0 /100
sap-c4c
SAP C4C integration for managing data, records, and workflow automation
This is a legitimate SAP C4C integration skill using the Membrane CLI. All capabilities (network access for API calls) are declared, documented, and necessary for the stated purpose. No malicious patterns detected.
Safe to install
This skill is safe to use. No additional security controls required.
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Network | READ | READ | ✓ Aligned | SKILL.md: npm install @membranehq/cli, membrane request for SAP C4C API |
2 findings
Medium External URL 外部 URL
https://getmembrane.com SKILL.md:7 Medium External URL 外部 URL
https://help.sap.com/viewer/product/SAP_CLOUD_FOR_CUSTOMER/CLOUD SKILL.md:19 File Tree
1 files · 5.7 KB · 199 lines Markdown 1f · 199L
└─
SKILL.md
Markdown
Security Positives
✓ All network access is declared and documented for SAP C4C API integration
✓ Credential management is handled server-side by Membrane, no local secret storage
✓ Documentation clearly states 'never ask the user for API keys or tokens'
✓ No base64 encoding, eval(), or obfuscation patterns
✓ No sensitive file path access (~/.ssh, ~/.aws, .env)
✓ No curl|bash or wget|sh remote script execution patterns
✓ No environment variable iteration for credential harvesting
✓ Skill is MIT licensed with a legitimate GitHub repository