Scan Report
5 /100
klazify
Klazify integration for web scraping and data extraction via Membrane CLI
Pure documentation-only skill that uses the Membrane CLI to interact with Klazify API. No executable code, scripts, or hidden functionality detected.
Safe to install
Skill is safe to use. No action required.
Findings 1 items
| Severity | Finding | Location |
|---|---|---|
| Low | npm package version not pinned Supply Chain | SKILL.md:28 |
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Filesystem | NONE | NONE | — | No file operations declared or performed |
| Network | READ | READ | ✓ Aligned | API calls to Klazify through membrane CLI (documented) |
| Shell | WRITE | WRITE | ✓ Aligned | npm install -g @membranehq/cli and membrane CLI commands (documented) |
| Environment | NONE | NONE | — | No environment variable access detected |
| Skill Invoke | NONE | NONE | — | No skill invocation detected |
| Clipboard | NONE | NONE | — | No clipboard access detected |
| Browser | NONE | NONE | — | Browser auth via membrane login flow (documented OAuth) |
| Database | NONE | NONE | — | No database access detected |
2 findings
Medium External URL 外部 URL
https://getmembrane.com SKILL.md:7 Medium External URL 外部 URL
https://www.klazify.com/documentation SKILL.md:19 File Tree
1 files · 5.1 KB · 130 lines Markdown 1f · 130L
└─
SKILL.md
Markdown
Dependencies 1 items
| Package | Version | Source | Known Vulns | Notes |
|---|---|---|---|---|
@membranehq/cli | * | npm | No | Version not pinned |
Security Positives
✓ Pure documentation skill - no executable code to analyze
✓ All functionality clearly documented in SKILL.md
✓ Uses established Membrane CLI tool for auth (OAuth flow, not API key handling)
✓ No credential harvesting or exfiltration detected
✓ No obfuscated code or suspicious patterns
✓ Best practices section emphasizes secure patterns