Scan Report
0 /100
google-recaptcha
Google reCAPTCHA integration via Membrane CLI for managing reCAPTCHA data and automating workflows
A legitimate, well-documented Google reCAPTCHA integration skill using Membrane CLI with transparent credential handling.
Safe to install
No action required. The skill is safe to use with declared network and shell permissions.
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Network | READ | READ | ✓ Aligned | SKILL.md:6 - 'compatibility: Requires network access' |
| Shell | WRITE | WRITE | ✓ Aligned | SKILL.md:27-28 - npm install documented |
| Filesystem | NONE | NONE | — | No file operations in skill |
| Environment | NONE | NONE | — | Credentials handled server-side by Membrane |
| Skill Invoke | NONE | NONE | — | No inter-skill calls |
2 findings
Medium External URL 外部 URL
https://getmembrane.com SKILL.md:7 Medium External URL 外部 URL
https://developers.google.com/recaptcha SKILL.md:19 File Tree
1 files · 4.4 KB · 121 lines Markdown 1f · 121L
└─
SKILL.md
Markdown
Security Positives
✓ All shell commands are documented and necessary (npm install, membrane CLI)
✓ Credentials handled server-side by Membrane with no local secrets
✓ Clear documentation of all external URLs and their purposes
✓ No credential harvesting or data exfiltration patterns detected
✓ No obfuscation, base64 execution, or hidden functionality
✓ Open source references provided (github.com/membranedev/application-skills)
✓ Standard npm package from legitimate vendor (@membranehq/cli)
✓ Security best practice: 'Let Membrane handle credentials — never ask the user for API keys'