Low Risk — Risk Score 10/100
Last scan: 1 day ago
warpwire
Warpwire integration for video platform management via Membrane CLI
Legitimate Warpwire video platform integration using the Membrane CLI with transparent documentation and no hidden functionality.
Skill Name: warpwire
Duration: 30.5s
Engine: pi
Safe to install
Skill is safe to use. Consider pinning CLI versions in production environments.

Findings: 1 item

Severity | Finding | Location
Low | CLI installed without version pinning (Supply Chain) | SKILL.md:29

The SKILL.md instructs users to install @membranehq/cli with @latest tag, which could fetch different versions over time. Version pinning would improve reproducibility.
npm install -g @membranehq/cli
→ Consider pinning to a specific version, e.g., npm install -g @membranehq/cli@<version>
Resource | Declared | Inferred | Status | Evidence
Shell | WRITE | WRITE | ✓ Aligned | SKILL.md:29 - npm install -g; SKILL.md:35-73 - membrane CLI commands
Network | READ | READ | ✓ Aligned | SKILL.md:75-93 - membrane request proxies to Warpwire API
2 findings
Medium | External URL | https://getmembrane.com | SKILL.md:7
Medium | External URL | https://support.warpwire.com/ | SKILL.md:19

File Tree

1 file · 4.4 KB · 127 lines
Markdown 1f · 127L
└─ 📝 SKILL.md Markdown 127L · 4.4 KB

Dependencies: 1 item

Package | Version | Source | Known Vulns | Notes
@membranehq/cli | latest | npm | No | Version not pinned - installs latest tag

Security Positives

✓ Documentation is clear and comprehensive about all functionality
✓ No credential harvesting - credentials managed server-side by Membrane
✓ No obfuscated code or hidden instructions
✓ No sensitive file/path access (no ~/.ssh, .env, etc.)
✓ No base64-encoded payloads or anti-analysis techniques
✓ Uses legitimate third-party connector (Membrane) for auth lifecycle
✓ No remote code execution from untrusted sources
✓ No evidence of data exfiltration