Scan Report
5 /100
respondio
Respond.io integration for managing Organizations, Contacts, Conversations, and other entities
Pure documentation skill (SKILL.md only) providing Respond.io integration via the Membrane CLI with all capabilities properly declared.
Safe to install
Skill is safe to use. No executable code present. All shell and network operations are clearly documented.
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Shell | WRITE | WRITE | ✓ Aligned | npm install -g @membranehq/cli (SKILL.md:31) |
| Network | READ | READ | ✓ Aligned | Membrane API and Respond.io API calls (SKILL.md:47-69) |
| Filesystem | NONE | NONE | — | No file operations described |
| Environment | NONE | NONE | — | Credentials handled server-side by Membrane |
| Clipboard | NONE | NONE | — | Not accessed |
| Browser | NONE | NONE | — | Authentication via browser redirect, not programmatic access |
| Database | NONE | NONE | — | Not accessed |
| Skill Invoke | NONE | NONE | — | No cross-skill invocation |
2 findings
Medium External URL 外部 URL
https://getmembrane.com SKILL.md:7 Medium External URL 外部 URL
https://developers.respond.io/api/v2 SKILL.md:19 File Tree
1 files · 4.4 KB · 128 lines Markdown 1f · 128L
└─
SKILL.md
Markdown
Security Positives
✓ No executable code present - pure documentation skill
✓ All shell commands (npm install, membrane CLI) are explicitly documented
✓ Network access is declared and justified (Membrane and Respond.io APIs)
✓ Credential handling properly delegated to Membrane (no local secret storage)
✓ Best practices documented (prefer pre-built actions over raw API calls)
✓ No obfuscation, base64, or suspicious patterns detected
✓ No sensitive file access (.ssh, .env, etc.)
✓ No data exfiltration or C2 communication patterns