Scan Report
5 /100
summit
Summit integration. Manage Organizations, Pipelines, Users, Goals, Filters.
Documentation-only skill with fully declared behavior; uses legitimate Membrane CLI for Summit integration with no hidden functionality.
Safe to install
This skill is safe to use. No action required.
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Network | READ | READ | ✓ Aligned | SKILL.md:21 - npx @membranehq/cli@latest login |
| Shell | WRITE | WRITE | ✓ Aligned | SKILL.md:21-58 - All npx commands use shell execution |
| Filesystem | READ | READ | ✓ Aligned | SKILL.md:24 - Credentials stored in ~/.membrane/credentials.json |
1 findings
Medium External URL 外部 URL
https://developer.summit.ai/ SKILL.md:17 File Tree
1 files · 4.4 KB · 116 lines Markdown 1f · 116L
└─
SKILL.md
Markdown
Security Positives
✓ No code/scripts present - pure documentation reduces attack surface
✓ All shell operations declared and documented with npx commands
✓ Credential handling properly delegated to Membrane CLI (no manual key collection)
✓ Best practices documented: prefer pre-built actions over raw API calls
✓ Explicitly warns against collecting user API keys/tokens
✓ No hidden functionality, base64 encoding, or obfuscated code