Scan Report
10 /100
asavie
Asavie integration for managing data, records, and workflow automation via Membrane CLI
Asavie integration skill contains only documentation with no malicious indicators; all shell commands are explicitly declared and legitimate for CLI-based integration.
Safe to install
Skill is safe to use. No action required.
Findings 1 items
| Severity | Finding | Location |
|---|---|---|
| Low | npm package version not pinned Supply Chain | SKILL.md:31 |
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Filesystem | WRITE | WRITE | ✓ Aligned | SKILL.md:line 31 npm install -g requires filesystem WRITE |
| Network | READ | READ | ✓ Aligned | SKILL.md:line 73 membrane request allows HTTP API calls |
| Shell | WRITE | WRITE | ✓ Aligned | SKILL.md:lines 31-88 all shell commands documented |
| Environment | NONE | NONE | — | No environment variable access declared or observed |
2 findings
Medium External URL 外部 URL
https://getmembrane.com SKILL.md:7 Medium External URL 外部 URL
https://www.asavie.com/developer-portal/ SKILL.md:19 File Tree
1 files · 5.2 KB · 179 lines Markdown 1f · 179L
└─
SKILL.md
Markdown
Dependencies 1 items
| Package | Version | Source | Known Vulns | Notes |
|---|---|---|---|---|
@membranehq/cli | latest | npm | No | Version not pinned |
Security Positives
✓ All shell commands explicitly documented in SKILL.md
✓ No hidden or undocumented functionality detected
✓ No credential theft patterns (credentials managed server-side by Membrane)
✓ No base64 encoding, eval patterns, or obfuscation
✓ No access to sensitive paths (~/.ssh, ~/.aws, .env)
✓ No external IP connections (all routed through Membrane proxy)
✓ No data exfiltration indicators
✓ No persistence mechanisms (no cron jobs, startup hooks, or backdoors)