Scan Report
0 /100
simvoly
Simvoly integration for managing Websites, Funnels, Stores, Memberships, Bookings, Forms and more
This is a documentation-only skill that guides users through the legitimate Membrane CLI for Simvoly integration, with no implementation files, no credential exfiltration, and all network access properly declared.
Safe to install
No action required. The skill is safe to use as documented.
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Network | READ | READ | ✓ Aligned | SKILL.md:6 - requires network access |
| Shell | WRITE | WRITE | ✓ Aligned | SKILL.md:35 - npm install -g and membrane CLI commands are documented |
| Filesystem | NONE | NONE | — | No file operations documented |
| Environment | NONE | NONE | — | No environment variable access documented |
| Clipboard | NONE | NONE | — | No clipboard access documented |
| Browser | NONE | NONE | — | Browser authentication via Membrane is declared |
| Database | NONE | NONE | — | No database access documented |
| Skill Invoke | NONE | NONE | — | No cross-skill invocation documented |
2 findings
Medium External URL 外部 URL
https://getmembrane.com SKILL.md:7 Medium External URL 外部 URL
https://simvoly.com/help/ SKILL.md:19 File Tree
1 files · 4.5 KB · 136 lines Markdown 1f · 136L
└─
SKILL.md
Markdown
Security Positives
✓ Documentation-only skill with no executable code
✓ Explicitly prohibits credential harvesting (Section: 'Let Membrane handle credentials')
✓ All network operations are declared and necessary for the Simvoly integration
✓ Uses established authentication patterns (browser-based OAuth via Membrane)
✓ No sensitive file access (.ssh, .aws, .env) documented
✓ No obfuscation, base64 encoding, or suspicious execution patterns
✓ No external IP connections or data exfiltration patterns
✓ MIT license, open source repository referenced
✓ No supply chain risks from unpinned dependencies (CLI-based, not library-based)