Scan Report
5/100
sendbird
Sendbird integration. Manage Users, Channels. Use when the user wants to interact with Sendbird data.
This is a well-documented Sendbird integration skill using the Membrane CLI. No malicious behavior, hidden functionality, or undeclared capabilities detected.
Safe to install
This skill is safe to use. All operations are clearly documented: npm install for CLI setup, OAuth-based authentication, and proxy requests through Membrane's infrastructure.
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Filesystem | NONE | WRITE | ✓ Aligned | SKILL.md line 33: npm install writes to global node_modules |
| Network | READ | READ | ✓ Aligned | SKILL.md: All network access through Membrane proxy to Sendbird API |
| Shell | WRITE | WRITE | ✓ Aligned | SKILL.md: Declares npm install and membrane CLI usage |
| Environment | NONE | NONE | — | No environment variable access detected |
| Skill Invoke | NONE | NONE | — | No skill invocation detected |
| Clipboard | NONE | NONE | — | No clipboard access detected |
| Browser | READ | READ | ✓ Aligned | SKILL.md line 37: OAuth browser flow for membrane login |
| Database | NONE | NONE | — | No database access detected |
2 findings
Medium: External URL, https://getmembrane.com (SKILL.md:7)
Medium: External URL, https://sendbird.com/docs/chat/v3/platform/getting-started/basic-concepts (SKILL.md:19)
File Tree
1 file · 4.3 KB · 123 lines (Markdown: 1 file, 123 lines)
└─ SKILL.md (Markdown)
Security Positives
✓ Skill is purely documentation with no executable code
✓ All capabilities are clearly declared in SKILL.md
✓ Credentials are handled server-side by Membrane (no local secret storage)
✓ Best practices documented: prefer pre-built actions over raw API calls
✓ No base64 encoding, eval(), or obfuscation detected
✓ No credential harvesting or exfiltration patterns
✓ External URLs point to legitimate service providers (Membrane, Sendbird)
✓ OAuth-based authentication flow for user consent