Scan Report
0 /100
waiverforever
WaiverForever integration for managing waivers, templates, and documents via Membrane CLI
Legitimate WaiverForever integration skill using the Membrane CLI with fully declared network, shell, and credential handling capabilities. No malicious indicators found.
Safe to install
No action required. Skill is safe to use.
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Shell | WRITE | WRITE | ✓ Aligned | npm install -g @membranehq/cli and membrane CLI commands |
| Network | READ | READ | ✓ Aligned | membrane request CONNECTION_ID /path/to/endpoint |
| Environment | NONE | NONE | — | No environment variable access detected |
2 findings
Medium External URL 外部 URL
https://getmembrane.com SKILL.md:7 Medium External URL 外部 URL
https://developers.waiverforever.com/ SKILL.md:19 File Tree
1 files · 4.4 KB · 126 lines Markdown 1f · 126L
└─
SKILL.md
Markdown
Dependencies 1 items
| Package | Version | Source | Known Vulns | Notes |
|---|---|---|---|---|
@membranehq/cli | latest (unpinned) | npm | No | CLI tool used for integration; version pinning not required for skill docs |
Security Positives
✓ All capabilities explicitly declared in documentation
✓ Credential handling is server-side with no local secrets storage
✓ No obfuscation, base64-encoded commands, or anti-analysis patterns
✓ No sensitive path access (~/.ssh, ~/.aws, .env)
✓ No curl|bash or wget|sh remote script execution
✓ No data exfiltration or C2 communication patterns
✓ Uses legitimate Membrane CLI for API integration
✓ Best practices documented for secure credential handling