Scan Report
0 /100
nocodb
Nocodb integration. Manage Projects, Users, Roles. Use when the user wants to interact with Nocodb data.
A legitimate single-file Nocodb integration skill that uses the Membrane CLI to interact with Nocodb, with no hidden functionality, no scripts, and no concerning behavior beyond declared network access.
Safe to install
No action needed. The skill is safe to use as documented.
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Filesystem | NONE | NONE | — | No filesystem access declared or observed. |
| Network | READ | READ | ✓ Aligned | SKILL.md declares network access for Membrane CLI and Nocodb API interaction. |
| Shell | NONE | NONE | — | No shell execution beyond documented npm/membrane CLI commands. |
| Environment | NONE | NONE | — | No environment variable access observed. |
| Skill Invoke | NONE | NONE | — | No cross-skill invocation declared. |
| Clipboard | NONE | NONE | — | No clipboard access. |
| Browser | NONE | NONE | — | No browser automation. |
| Database | NONE | NONE | — | Nocodb access is through API via Membrane proxy, not direct DB. |
2 findings
Medium External URL 外部 URL
https://getmembrane.com SKILL.md:7 Medium External URL 外部 URL
https://docs.nocodb.com/ SKILL.md:19 File Tree
1 files · 4.3 KB · 129 lines Markdown 1f · 129L
└─
SKILL.md
Markdown
Security Positives
✓ Single-file skill with no hidden scripts or binary code.
✓ All functionality is documented inline in SKILL.md — no doc-to-code mismatch.
✓ Delegates authentication to Membrane (open-source, MIT license) — no hardcoded credentials.
✓ Credentials are managed server-side by Membrane, not stored locally — reduces credential theft risk.
✓ Skill explicitly discourages asking users for API keys, directing them to use connections instead.
✓ No external dependencies bundled within the skill (no requirements.txt, package.json, etc.).
✓ No obfuscation, base64, eval, or anti-analysis patterns present.
✓ No sensitive path access (~/.ssh, ~/.aws, .env) observed.
✓ No persistence mechanisms, supply chain issues, or prompt injection vectors.