Scan Report
5 /100
getform
Getform integration. Manage data, records, and automate workflows.
Documentation-only skill that describes using the Membrane CLI to interact with Getform, with all functionality clearly declared and no hidden malicious behavior.
Safe to install
This skill is safe to use. When executing npm install -g, consider pinning to a specific version for reproducibility.
Findings 2 items
| Severity | Finding | Location |
|---|---|---|
| Low | Unpinned npm package version Supply Chain | SKILL.md:27 |
| Info | External URLs present Doc Mismatch | SKILL.md:7 |
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Filesystem | NONE | NONE | — | No file operations in SKILL.md |
| Network | READ | READ | ✓ Aligned | Uses Membrane CLI for API requests to Getform |
| Shell | WRITE | WRITE | ✓ Aligned | Uses npm install -g and membrane CLI commands (documented) |
| Environment | NONE | NONE | — | No environment variable access documented |
2 findings
Medium External URL 外部 URL
https://getmembrane.com SKILL.md:7 Medium External URL 外部 URL
https://getform.io/docs SKILL.md:19 File Tree
1 files · 4.3 KB · 122 lines Markdown 1f · 122L
└─
SKILL.md
Markdown
Security Positives
✓ No executable code - documentation only
✓ All shell commands and network access clearly declared in SKILL.md
✓ Credentials managed through Membrane's secure connection system, not local API keys
✓ No access to sensitive files (~/.ssh, ~/.aws, .env)
✓ No obfuscation or base64-encoded content
✓ No credential harvesting behavior
✓ Standard legitimate integration documentation