Scan Report
5 /100
densify
Densify integration. Manage data, records, and automate workflows using the Membrane CLI.
This is a pure-documentation skill that describes how to use the Membrane CLI to interact with the Densify cloud optimization platform. No executable code is present — only SKILL.md — and all behaviors are explicitly declared.
Safe to install
Approve for use. The skill is safe with no security concerns.
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Filesystem | NONE | NONE | — | No filesystem operations described or present |
| Network | READ | READ | ✓ Aligned | SKILL.md:7 — 'Requires network access'; all network calls go through Membrane CL… |
| Shell | WRITE | WRITE | ✓ Aligned | SKILL.md:31 — npm install -g @membranehq/cli; SKILL.md:37-70 — membrane CLI invo… |
| Environment | NONE | NONE | — | No environment variable access described; skill explicitly says 'never ask the u… |
| Skill Invoke | NONE | NONE | — | No nested skill invocations described |
| Clipboard | NONE | NONE | — | No clipboard access |
| Browser | NONE | NONE | — | membrane login opens a browser window for auth (declared in SKILL.md:40-42), but… |
| Database | NONE | NONE | — | No database access |
2 findings
Medium External URL 外部 URL
https://getmembrane.com SKILL.md:7 Medium External URL 外部 URL
https://www.densify.com/products/ SKILL.md:19 File Tree
1 files · 4.3 KB · 124 lines Markdown 1f · 124L
└─
SKILL.md
Markdown
Dependencies 1 items
| Package | Version | Source | Known Vulns | Notes |
|---|---|---|---|---|
@membranehq/cli | latest | npm | No | Version not pinned; however, this is standard practice for SKILL.md documentation |
Security Positives
✓ Pure documentation skill — no executable code present, eliminating execution risk
✓ All behaviors explicitly declared in SKILL.md with no doc-to-code mismatch
✓ Network access is declared in the compatibility field
✓ Credentials are handled by Membrane's server-side auth lifecycle; no local secret storage
✓ No base64, eval, or obfuscated payloads anywhere
✓ No credential harvesting or exfiltration patterns
✓ No suspicious path access (~/.ssh, ~/.aws, .env)
✓ npm install uses a public package (@membranehq/cli) with no custom scripts