Scan Report
5 /100
loyjoy
LoyJoy integration - conversational marketing platform management via Membrane CLI
This is a pure documentation skill (SKILL.md only) describing how to use the legitimate Membrane CLI to interact with the LoyJoy conversational marketing platform. No executable code, scripts, or suspicious patterns present.
Safe to install
This skill is safe to use. It documents only the use of a standard npm package (@membranehq/cli) for API integration, with no local credential storage or suspicious behavior.
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Filesystem | NONE | NONE | — | No filesystem access required or used |
| Network | READ | READ | ✓ Aligned | SKILL.md declares network access for API calls through Membrane CLI |
| Shell | NONE | NONE | — | No shell commands executed directly; documents npm install and membrane CLI usag… |
| Environment | NONE | NONE | — | No environment variable access or credential storage |
| Skill Invoke | NONE | NONE | — | No skill-to-skill invocation |
| Clipboard | NONE | NONE | — | No clipboard access |
| Browser | NONE | NONE | — | Browser authentication is handled by Membrane CLI (external tool) |
| Database | NONE | NONE | — | No database access |
2 findings
Medium External URL 外部 URL
https://getmembrane.com SKILL.md:7 Medium External URL 外部 URL
https://developers.loyjoy.com/ SKILL.md:19 File Tree
1 files · 4.3 KB · 126 lines Markdown 1f · 126L
└─
SKILL.md
Markdown
Dependencies 1 items
| Package | Version | Source | Known Vulns | Notes |
|---|---|---|---|---|
@membranehq/cli | latest (via npx) | npm | No | Version not pinned but this is by design for CLI documentation |
Security Positives
✓ Pure documentation skill with no executable code
✓ Uses legitimate, publicly available npm package (@membranehq/cli)
✓ Credentials handled by Membrane server-side - no local secrets stored
✓ Clear documentation of all capabilities and intended behavior
✓ No suspicious patterns: no base64, no curl|bash, no eval(), no direct IP connections
✓ No sensitive file access (no ~/.ssh, ~/.aws, .env access)
✓ No credential harvesting or exfiltration
✓ Standard authentication flow through trusted Membrane platform