Scan Report
5 /100
paragon
Paragon integration for managing data, records, and workflow automation
Documentation-only skill with all capabilities explicitly declared. No executable code, no suspicious behavior, and no indicators of malicious intent.
Safe to install
No action required. This is a legitimate Paragon integration skill that uses the documented Membrane CLI for CDP operations.
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Shell | WRITE | WRITE | ✓ Aligned | SKILL.md:31 - npm install -g @membranehq/cli |
| Network | READ | READ | ✓ Aligned | SKILL.md:60-84 - membrane request/proxy for API calls |
2 findings
Medium External URL 外部 URL
https://getmembrane.com SKILL.md:7 Medium External URL 外部 URL
https://help.useparagon.com/ SKILL.md:19 File Tree
1 files · 9.1 KB · 323 lines Markdown 1f · 323L
└─
SKILL.md
Markdown
Security Positives
✓ Documentation-only skill with no executable code to analyze
✓ All shell and network capabilities are explicitly declared in SKILL.md
✓ Credentials are handled server-side by Membrane, not stored locally
✓ Skill explicitly instructs to never ask users for API keys
✓ Best practices section encourages using pre-built actions over raw API calls
✓ Clear OAuth-based authentication flow with browser interaction