Scan Report
5 /100
wirewheel
WireWheel integration for privacy management platform — manage data, records, and automate workflows
WireWheel is a legitimate privacy management platform integration skill that uses the Membrane CLI to interact with WireWheel's API. No malicious code, credential theft, or obfuscation detected — only documentation with standard CLI commands.
Safe to install
This skill is safe to use. No actionable security concerns identified.
Findings 1 items
| Severity | Finding | Location |
|---|---|---|
| Low | Global npm package installation without pinned version Supply Chain | SKILL.md:32 |
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Network | READ | READ | ✓ Aligned | SKILL.md:56-58 — membrane request passes API calls through Membrane proxy |
| Shell | WRITE | WRITE | ✓ Aligned | SKILL.md:32-34 — npm install -g, membrane login, membrane action run |
| Skill Invoke | ADMIN | ADMIN | ✓ Aligned | SKILL.md:47-53 — membrane action list, membrane action run |
| Filesystem | NONE | NONE | — | No file operations declared or observed |
2 findings
Medium External URL 外部 URL
https://getmembrane.com SKILL.md:7 Medium External URL 外部 URL
https://docs.wirewheel.io/ SKILL.md:19 File Tree
1 files · 10.5 KB · 328 lines Markdown 1f · 328L
└─
SKILL.md
Markdown
Dependencies 1 items
| Package | Version | Source | Known Vulns | Notes |
|---|---|---|---|---|
@membranehq/cli | latest | npm | No | Version not pinned; uses @latest tag for global install |
Security Positives
✓ No executable code files present — skill is documentation-only
✓ No credential theft or environment variable harvesting detected
✓ No obfuscation, base64-encoded execution, or anti-analysis patterns
✓ No suspicious network connections beyond declared WireWheel API
✓ Credential management handled transparently by Membrane (no local secrets)
✓ All capabilities are clearly declared in SKILL.md
✓ Uses established npm package (@membranehq/cli) from a known vendor
✓ No hidden functionality or doc-to-code mismatch