Scan Report
10 /100
zoho-analytics
Zoho Analytics integration. Manage data, records, and automate workflows. Use when the user wants to interact with Zoho Analytics data.
This skill is a pure-documentation SKILL.md for Zoho Analytics integration using the legitimate Membrane CLI — no implementation code, no scripts, and no suspicious behavior.
Safe to install
Approve for use. No security concerns identified. Ensure the Membrane CLI version is pinned in any downstream automation to prevent supply-chain drift.
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Network | READ | READ | ✓ Aligned | SKILL.md:9 — requires network access for Zoho API and Membrane API communication |
| Shell | WRITE | WRITE | ✓ Aligned | SKILL.md:27-87 — runs npm install, membrane login, membrane connect, membrane ac… |
| Filesystem | READ | READ | ✓ Aligned | SKILL.md:27 — npm install writes to node_modules (implicit write), CLI output re… |
| Skill Invoke | NONE | NONE | — | No cross-skill invocations declared or inferred |
| Clipboard | NONE | NONE | — | No clipboard access found |
| Browser | NONE | NONE | — | Browser used only via Membrane's OAuth flow (external, not this skill) |
| Database | NONE | NONE | — | No database access found |
| Environment | NONE | NONE | — | No direct environment variable access; Membrane handles credentials server-side |
2 findings
Medium External URL 外部 URL
https://getmembrane.com SKILL.md:7 Medium External URL 外部 URL
https://www.zoho.com/analytics/help/api/ SKILL.md:19 File Tree
1 files · 4.4 KB · 129 lines Markdown 1f · 129L
└─
SKILL.md
Markdown
Security Positives
✓ No implementation code — only documentation in SKILL.md eliminates execution risk
✓ Credential management is explicitly handled server-side by Membrane with no local secret storage
✓ All shell commands are explicitly declared and tied to the legitimate @membranehq/cli npm package
✓ Network access is scoped to Zoho Analytics API and Membrane infrastructure — no arbitrary IP access
✓ No base64, eval, obfuscation, or anti-analysis patterns present
✓ SKILL.md clearly documents the purpose, authentication flow, and API proxy mechanism
✓ External URLs (getmembrane.com, zoho.com) are well-known legitimate services