Scan Report
10 /100
demandbase
DemandBase integration using Membrane CLI for B2B marketing platform data management
DemandBase integration skill using Membrane CLI is well-documented with declared network and shell permissions, no malicious patterns detected.
Safe to install
Skill is safe to use. No security concerns identified.
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Network | READ | READ | ✓ Aligned | SKILL.md:8 compatibility field; uses membrane request for API calls |
| Shell | WRITE | WRITE | ✓ Aligned | SKILL.md:43 npm install -g @membranehq/cli; SKILL.md:47-88 membrane CLI commands |
| Filesystem | NONE | NONE | — | No file read/write operations in skill |
| Environment | NONE | NONE | — | No environment variable access; credentials handled by Membrane CLI |
| Clipboard | NONE | NONE | — | No clipboard operations |
| Browser | NONE | NONE | — | Browser used only for OAuth flow via membrane login, not programmatic browser co… |
| Database | NONE | NONE | — | No database access |
| Skill Invoke | NONE | NONE | — | No nested skill invocations |
2 findings
Medium External URL 外部 URL
https://getmembrane.com SKILL.md:7 Medium External URL 外部 URL
https://developers.demandbase.com/ SKILL.md:19 File Tree
1 files · 4.7 KB · 142 lines Markdown 1f · 142L
└─
SKILL.md
Markdown
Security Positives
✓ Full documentation of all capabilities and operations in SKILL.md
✓ Network access clearly declared in compatibility section
✓ Shell execution (npm install) explicitly documented in setup
✓ Credentials handled by Membrane CLI - no local secret storage
✓ Best practices documented for secure API usage
✓ No base64, eval, or obfuscation patterns detected
✓ No sensitive path access (~/.ssh, ~/.aws, .env)
✓ No credential harvesting or exfiltration
✓ No curl|bash or wget|sh patterns
✓ Legitimate URLs only (getmembrane.com, developers.demandbase.com)