中文 EN

Scan Report

Scan New Files

Trusted — Risk Score 5/100
Last scan:1 day ago Rescan
5 /100
storyscale
StoryScale integration for managing data, records, and workflow automation via Membrane CLI
This is a documentation-only skill that provides guidance on using the Membrane CLI for StoryScale integration. No scripts, code, or hidden functionality exists beyond the SKILL.md documentation.
Skill Namestoryscale
Duration30.8s
Enginepi
Safe to install
No action needed. The skill is a pure documentation file with no executable code or suspicious behavior.

Findings 1 items

Severity Finding Location
Low
NPM package not version-pinned
The CLI is installed with @membranehq/cli without specifying a version, which could theoretically lead to unexpected updates. This is standard practice for CLI tools and the package is from a known vendor.
npm install -g @membranehq/cli
→ Consider pinning to a specific version (e.g., @membranehq/[email protected]) for reproducible builds, though this is a minor concern for CLI tools.
 SKILL.md:32
ResourceDeclaredInferredStatusEvidence
Shell WRITE WRITE ✓ Aligned SKILL.md:32 npm install -g @membranehq/cli
Network READ READ ✓ Aligned SKILL.md:53 membrane request for API calls
2 findings
🔗
Medium External URL 外部 URL
https://getmembrane.com
SKILL.md:7
🔗
Medium External URL 外部 URL
https://developers.storyscale.com/
SKILL.md:19

File Tree

1 files · 4.3 KB · 123 lines
Markdown 1f · 123L
└─ 📝 SKILL.md Markdown 123L · 4.3 KB

Dependencies 1 items

PackageVersionSourceKnown VulnsNotes
@membranehq/cli * npm No Package not version pinned (minor concern)

Security Positives

✓ No executable scripts or code files present - purely documentation
✓ All shell operations are explicitly declared in SKILL.md
✓ No credential harvesting or sensitive data access
✓ No network exfiltration or suspicious outbound connections
✓ No base64-encoded payloads or obfuscated code
✓ Uses established Membrane CLI toolchain with documented auth handling
✓ No hidden instructions or comments with malicious intent