plaid Security Report — Low Risk | ClawSafe

15 /100

plaid

Plaid integration for managing banking data, transactions, and workflows via Membrane CLI

Single-file Plaid integration skill using Membrane CLI; all functionality is documented with no hidden behavior, though npm install lacks version pinning.

Skill Nameplaid

Duration24.9s

Enginepi

✓

Safe to install

Pin the CLI version in the install command (e.g., `@membranehq/[email protected]`) to prevent unexpected updates.

Findings 1 items

Severity	Finding	Location
Low	Unpinned npm package version Supply Chain The command `npm install -g @membranehq/cli` installs the latest version of the Membrane CLI without version pinning. This could allow a malicious actor to publish a new version with compromised code that gets installed on update. `npm install -g @membranehq/cli` → Pin to a specific version: `npm install -g @membranehq/[email protected]` or use a hash-based verification.	`SKILL.md:26`

Resource	Declared	Inferred	Status	Evidence
Filesystem	`NONE`	`NONE`	—	No file operations described or performed
Network	`READ`	`READ`	✓ Aligned	Membrane proxy requests to Plaid API; documented in SKILL.md
Shell	`WRITE`	`WRITE`	✓ Aligned	npm install and membrane CLI commands; declared in SKILL.md
Environment	`NONE`	`NONE`	—	No environment variable access documented or observed
Skill Invoke	`NONE`	`NONE`	—	No cross-skill invocation
Clipboard	`NONE`	`NONE`	—	No clipboard operations
Browser	`NONE`	`NONE`	—	OAuth flow uses external browser, not automated browser control
Database	`NONE`	`NONE`	—	No database access

2 findings

🔗

Medium External URL 外部 URL

https://getmembrane.com

SKILL.md:7

🔗

Medium External URL 外部 URL

https://plaid.com/docs/

SKILL.md:19

File Tree

1 files · 4.4 KB · 130 lines

Markdown 1f · 130L

└─ 📝 SKILL.md Markdown 130L · 4.4 KB

Dependencies 1 items

Package	Version	Source	Known Vulns	Notes
`@membranehq/cli`	`*`	npm	No	Version not pinned — installs latest on npm install

Security Positives

✓ All capabilities explicitly documented in SKILL.md — no hidden behavior

✓ Credential management delegated to Membrane's server-side auth lifecycle — no local secrets stored

✓ No credential harvesting, data exfiltration, or obfuscation observed

✓ No sensitive file paths (~/.ssh, ~/.aws, .env) accessed

✓ Uses pre-built Membrane actions rather than raw API calls, reducing attack surface

✓ MIT license and public repository listed for verification

Scan Report

Findings 1 items

File Tree

Dependencies 1 items

Security Positives