中文 EN

Scan Report

Scan New Files

Low Risk — Risk Score 20/100
Last scan:21 hr ago Rescan
20 /100
upkeep
UpKeep integration — manage data, records, and automate workflows via the Membrane CLI
This is a single-file documentation skill for UpKeep API integration using the Membrane CLI; it uses only standard documented shell commands with no hidden functionality, credential access, or obfuscation.
Skill Nameupkeep
Duration41.8s
Enginepi
Safe to install
No blocking action needed. The skill is a legitimate API integration wrapper. Optionally improve the frontmatter metadata to declare filesystem:WRITE (npm install) and shell:WRITE (membrane CLI invocations) for full transparency.

Findings 3 items

Severity Finding Location
Low
Frontmatter capability declaration incomplete Doc Mismatch
The SKILL.md frontmatter declares no resources, yet the skill's shell commands (npm install, membrane CLI invocations) imply filesystem:WRITE and shell:WRITE usage. This is a minor documentation gap — the behavior IS described in the markdown body, just not in the structured metadata.
No `permissions` or `allowed-tools` block in frontmatter
→ Add a permissions section to frontmatter explicitly declaring filesystem:WRITE and shell:WRITE for the npm install and membrane CLI operations.
 SKILL.md:1
Low
Unpinned npm package reference Supply Chain
The install command uses @latest tag for @membranehq/cli, which means the version fetched could change between uses. While not inherently malicious, this introduces supply chain variability.
npm install -g @membranehq/cli
→ Pin to a specific version (e.g., npm install -g @membranehq/[email protected]) or recommend checking the current stable version.
 SKILL.md:38
Low
Generic proxy request allows arbitrary API paths Priv Escalation
The 'membrane request CONNECTION_ID /path/to/endpoint' command passes arbitrary URL paths to the Membrane proxy, which appends the base URL. While the Membrane proxy adds authentication headers transparently, the broad scope of arbitrary endpoint access is a wide-open network capability.
membrane request CONNECTION_ID /path/to/endpoint
→ Document which UpKeep API endpoints are commonly used, and advise that broad arbitrary path access should be reviewed against the principle of least privilege.
 SKILL.md:60
ResourceDeclaredInferredStatusEvidence
Filesystem NONE WRITE ✓ Aligned SKILL.md:38 — npm install -g @membranehq/cli writes to the global npm directory
Shell NONE WRITE ✓ Aligned SKILL.md:42-80 — multiple membrane CLI subcommands (login, connect, action run, …
Network NONE READ ✓ Aligned SKILL.md:60-74 — 'membrane request' and 'membrane action run' make HTTP API call…
2 findings
🔗
Medium External URL 外部 URL
https://getmembrane.com
SKILL.md:7
🔗
Medium External URL 外部 URL
https://upkeep.zendesk.com/hc/en-us/categories/200475778-API
SKILL.md:19

File Tree

1 files · 4.5 KB · 136 lines
Markdown 1f · 136L
└─ 📝 SKILL.md Markdown 136L · 4.5 KB

Dependencies 1 items

PackageVersionSourceKnown VulnsNotes
@membranehq/cli latest (unpinned) npm No External third-party CLI with no pinned version; trust based on vendor reputation only

Security Positives

✓ No code or scripts present — skill is purely documentation
✓ No credential harvesting or environment variable iteration
✓ No obfuscation (base64, eval, packing) or anti-analysis patterns
✓ No sensitive file access (~/.ssh, ~/.aws, .env, etc.)
✓ No data exfiltration or C2 communication patterns
✓ No reverse shell, RCE, or remote execution without user interaction
✓ All shell commands are documented in the markdown body
✓ Credential management is explicitly delegated to the Membrane service (no local secrets)
✓ API proxy routing is declared and follows a documented CLI interface