teller Security Report — Low Risk | ClawSafe

15 /100

teller

Teller integration. Manage data, records, and automate workflows. Use when the user wants to interact with Teller data.

Documentation-only skill for Teller/Membrane integration with all behavior declared; minor supply chain concern from unpinned npm CLI but no direct security impact.

Skill Nameteller

Duration26.8s

Enginepi

✓

Safe to install

No immediate action required. Consider pinning the CLI version (e.g., @membranehq/[email protected]) for reproducible builds. The Membrane proxy model is a sound security architecture.

Findings 2 items

Severity	Finding	Location
Low	Unpinned npm CLI dependency Supply Chain The skill instructs to install @membranehq/cli without a version pin. This allows resolution to a different (potentially malicious) version on future installs. `npm install -g @membranehq/cli` → Pin to a specific version: npm install -g @membranehq/[email protected]	`SKILL.md:24`
Info	Unofficial npm package domain Supply Chain Uses @membranehq namespace on npm public registry. While legitimate, organization-owned packages on public registries present inherent supply chain risk. `npm install -g @membranehq/cli` → Verify package integrity via npm provenance or checksum if available. Consider using a private registry mirror for higher assurance.	`SKILL.md:24`

Resource	Declared	Inferred	Status	Evidence
Network	`WRITE`	`WRITE`	✓ Aligned	SKILL.md:38-57 - membrane request command with arbitrary HTTP methods
Shell	`WRITE`	`WRITE`	✓ Aligned	SKILL.md:24 - npm install -g @membranehq/cli; SKILL.md:28-34 - membrane login/co…
Filesystem	`NONE`	`NONE`	—	No file operations declared or observed
Environment	`NONE`	`NONE`	—	SKILL.md explicitly states 'never ask the user for API keys or tokens' and uses …
credential_theft	`NONE`	`NONE`	—	SKILL.md:58 - 'Let Membrane handle credentials — never ask the user for API keys…

2 findings

🔗

Medium External URL 外部 URL

https://getmembrane.com

SKILL.md:7

🔗

Medium External URL 外部 URL

https://teller.com/docs

SKILL.md:19

File Tree

1 files · 4.2 KB · 124 lines

Markdown 1f · 124L

└─ 📝 SKILL.md Markdown 124L · 4.2 KB

Dependencies 1 items

Package	Version	Source	Known Vulns	Notes
`@membranehq/cli`	`unpinned`	npm	No	Global npm install without version constraint

Security Positives

✓ No hidden or undocumented functionality — all capabilities declared in SKILL.md

✓ Credential management delegated to Membrane (no local secret storage)

✓ Network requests routed through Membrane proxy with server-side auth lifecycle

✓ Best practices documented: prefer pre-built actions over raw API calls

✓ No sensitive file paths (~/.ssh, ~/.aws, .env) accessed

✓ No obfuscation techniques (base64, eval, atob) detected

✓ No credential harvesting or exfiltration behavior

✓ No persistence mechanisms (cron, startup hooks, backdoors)

✓ No reverse shell or C2 communication patterns

Scan Report

Findings 2 items

File Tree

Dependencies 1 items

Security Positives