Scan Report
5 /100
kern-ai
Kern AI integration for ML data labeling and model training
This is a documentation-only skill for Kern AI integration using the Membrane CLI. No scripts, no code, no dependencies, and no suspicious behavior detected.
Safe to install
Approve for use. This skill is safe and performs exactly as documented.
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Filesystem | NONE | NONE | — | No file operations in skill |
| Network | READ | READ | ✓ Aligned | SKILL.md:7 - External URLs to membrane.com and kern.ai are declared |
| Shell | WRITE | WRITE | ✓ Aligned | SKILL.md:25-27 - npm install and membrane CLI commands declared |
| Environment | NONE | NONE | — | No environment variable access detected |
| Skill Invoke | NONE | NONE | — | No skill chaining |
| Clipboard | NONE | NONE | — | No clipboard access |
| Browser | NONE | NONE | — | Browser used only for OAuth flow - declared |
| Database | NONE | NONE | — | No database access |
2 findings
Medium External URL 外部 URL
https://getmembrane.com SKILL.md:7 Medium External URL 外部 URL
https://docs.kern.ai/ SKILL.md:19 File Tree
1 files · 4.4 KB · 127 lines Markdown 1f · 127L
└─
SKILL.md
Markdown
Security Positives
✓ Documentation-only skill with no executable code
✓ All shell operations are explicitly declared in SKILL.md
✓ Credential handling is delegated to Membrane (no local secret storage)
✓ Uses standard npm install - no pip, no curl|bash
✓ No sensitive file paths accessed (~/.ssh, ~/.aws, .env)
✓ No obfuscation (base64, eval, atob)
✓ No data exfiltration or C2 communication
✓ No hidden functionality - doc-to-code match is perfect
✓ Legitimate open-source platform integration (Kern AI)