Scan Report
5 /100
Okay
Okay goal-management platform integration using Membrane CLI
This is a documentation-only skill describing how to use the legitimate Membrane CLI to interact with the Okay goal-management platform. All shell commands and network access are declared and necessary for the documented functionality.
Safe to install
No action needed. The skill is safe to use as documented.
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Filesystem | NONE | NONE | — | No filesystem access required or used |
| Network | READ | READ | ✓ Aligned | SKILL.md declares network access for Okay API via Membrane proxy |
| Shell | WRITE | WRITE | ✓ Aligned | SKILL.md lines 27-28: npm install -g @membranehq/cli; membrane login, connect, a… |
| Environment | NONE | NONE | — | No environment variable access; credential handling delegated to Membrane |
| Skill Invoke | NONE | NONE | — | No skill invocation chains |
| Clipboard | NONE | NONE | — | No clipboard access |
| Browser | NONE | NONE | — | Browser interaction via Membrane CLI for OAuth, documented and declared |
| Database | NONE | NONE | — | No database access |
2 findings
Medium External URL 外部 URL
https://getmembrane.com SKILL.md:7 Medium External URL 外部 URL
https://developers.okaythis.com/ SKILL.md:19 File Tree
1 files · 4.4 KB · 123 lines Markdown 1f · 123L
└─
SKILL.md
Markdown
Dependencies 1 items
| Package | Version | Source | Known Vulns | Notes |
|---|---|---|---|---|
@membranehq/cli | latest | npm | No | Declared dependency for Okay integration; version pinned to 'latest' is acceptable for CLI tools |
Security Positives
✓ All shell commands are explicitly declared in SKILL.md
✓ Network access is declared and necessary for the Okay API integration
✓ Credential handling is properly delegated to the Membrane platform (no local secret storage)
✓ No obfuscation, base64 encoding, or suspicious patterns detected
✓ No executable scripts or code files present — pure documentation
✓ Dependency (@membranehq/cli) is a known legitimate tool from Membrane
✓ No sensitive file access (ssh, aws, .env) detected
✓ No data exfiltration, credential theft, or C2 communication patterns
✓ Skill follows documentation best practices with clear usage examples