Suspicious — Risk Score 45/100
Last scan: 2 days ago
onetrust
OneTrust integration for managing data privacy, records, and automated workflows
The skill installs an unversioned third-party CLI tool and delegates all credential handling to a third-party proxy service (Membrane) that publishes no account of what it logs or retains.
Skill Name: onetrust
Duration: 55.6s
Engine: pi
Use with caution
Pin the npm package to a specific version (drop @latest and verify the tarball's integrity hash), audit the @membranehq/cli package source, and ask Membrane to publish a security/transparency report detailing its data handling practices.

Findings (4 items)

High: Third-party credential proxy without transparency (SKILL.md:91)
The skill delegates all API authentication to Membrane's proxy service. Credentials flow through Membrane's infrastructure with no disclosure of logging, data collection, or retention practices. SKILL.md states 'Membrane handles authentication and credentials refresh automatically' and 'Membrane automatically appends the base URL', so Membrane sits in the path of every OneTrust API call with full visibility into request and response contents.
Evidence: Membrane automatically appends the base URL to the path you provide and injects the correct authentication headers
→ Ask Membrane to publish a security whitepaper. Consider allowing direct API access with user-managed credentials instead.

High: Unversioned npm package with @latest tag (SKILL.md:45)
The skill uses '@membranehq/cli@latest', which resolves to whatever was most recently published under that dist-tag, so the code that runs can change from one install to the next. The npm install command is likewise unpinned. A compromised or malicious release would be picked up automatically on the next install.
Evidence: npm install -g @membranehq/cli
→ Pin to a specific version, e.g. 'npm install -g @membranehq/cli@<version>', after verifying the tarball hash. Note that npm install -g does not consult a lockfile; to get integrity checking, install the CLI into a project that has a package-lock.json and use npm ci, which verifies each tarball against the lockfile's integrity field.

Medium: Filesystem access not declared (SKILL.md:45)
SKILL.md declares 'allowed_tools: null (no direct file operations)', but npm install -g writes into the global npm prefix (typically /usr/local/lib/node_modules, or whatever 'npm prefix -g' reports) and into the npm cache under ~/.npm. This is a doc-to-code mismatch.
Evidence: npm install -g @membranehq/cli
→ Declare filesystem:WRITE permission in _meta.json, or use npx instead of a global install so that nothing persists in the global prefix (npx still writes to the npm cache).

Low: External URLs without verification (SKILL.md:7)
The skill references external URLs (getmembrane.com, developer.onetrust.com) without stating what data is sent to each or how a user can confirm that the endpoints are the intended services.
Evidence: homepage: https://getmembrane.com
→ Document the expected behavior and data flows between these services.
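The two findings on line 45 are the kind of check a reviewer can automate before a skill is accepted. The following added example, written for this report and not code from the scanner, the skill, or Membrane, lints SKILL.md text for npm install and npx commands, flags package specs that are not exact versions, and reports a global install when the skill's metadata declares no filesystem access. The SKILL.md fragment and the flat resource-to-permission shape of _meta.json are constructed for the example; the real files may be laid out differently.

```python
import json
import re

# Constructed sample input in the shape of the SKILL.md and _meta.json this
# report describes. These are not the skill's real files.
SAMPLE_SKILL_MD = """\
## Setup
npm install -g @membranehq/cli
membrane login
## Usage
membrane request CONNECTION_ID /path/to/endpoint
"""
# Assumed metadata layout: a flat map of resource -> NONE/READ/WRITE.
SAMPLE_META_JSON = '{"shell": "WRITE", "network": "READ", "filesystem": "NONE"}'

# An exact semver (1.2.3, 1.2.3-rc.1, 1.2.3+build); anything else is a dist-tag or a range.
EXACT_SEMVER = re.compile(r"^\d+\.\d+\.\d+(?:-[0-9A-Za-z.-]+)?(?:\+[0-9A-Za-z.-]+)?$")
# name[@spec], with an optional @scope/ prefix on the name.
PKG_SPEC = re.compile(r"^(?P<name>(?:@[\w.-]+/)?[\w.-]+)(?:@(?P<spec>\S+))?$")
NPM_INSTALL_VERBS = {"install", "i", "add"}


def classify_package(token):
    """Return (name, verdict) for one package argument, or None if it is not one."""
    m = PKG_SPEC.match(token)
    if m is None:
        return None
    name, spec = m.group("name"), m.group("spec")
    if spec is None:
        return name, "no version given: npm resolves the 'latest' dist-tag at install time"
    if EXACT_SEMVER.match(spec):
        return name, "pinned"
    return name, f"'{spec}' is a dist-tag or range, not a fixed version"


def lint_skill(skill_md, meta_json):
    """Scan SKILL.md text for npm/npx commands and return findings in the report's shape."""
    declared_fs = json.loads(meta_json).get("filesystem", "NONE")
    findings = []
    for lineno, line in enumerate(skill_md.splitlines(), start=1):
        tokens = line.strip().split()
        if len(tokens) < 2 or tokens[0] not in ("npm", "npx"):
            continue
        if tokens[0] == "npm":
            if tokens[1] not in NPM_INSTALL_VERBS:
                continue
            args = tokens[2:]
        else:
            args = tokens[1:]
        flags = [a for a in args if a.startswith("-")]
        packages = [a for a in args if not a.startswith("-")]
        if tokens[0] == "npx":
            # npx <pkg> [args...]: only the first positional is a package spec
            # (the --package=<spec> form is not handled here).
            packages = packages[:1]
        for pkg in packages:
            classified = classify_package(pkg)
            if classified is None:
                continue
            name, verdict = classified
            if verdict != "pinned":
                findings.append({
                    "severity": "High",
                    "title": "Unversioned npm package",
                    "line": lineno,
                    "evidence": line.strip(),
                    "detail": f"{name}: {verdict}",
                })
        # A global install writes outside the project even when the skill says it never touches files.
        if ("-g" in flags or "--global" in flags) and declared_fs == "NONE":
            findings.append({
                "severity": "Medium",
                "title": "Filesystem access not declared",
                "line": lineno,
                "evidence": line.strip(),
                "detail": "npm install -g writes to the global npm prefix and the npm cache",
            })
    return findings


if __name__ == "__main__":
    for f in lint_skill(SAMPLE_SKILL_MD, SAMPLE_META_JSON):
        print(f"{f['severity']:<6} line {f['line']}: {f['title']} ({f['detail']})")
```

Run against the sample it reproduces both line-45 findings from the report: a High for the missing version and a Medium for the global install against a NONE filesystem declaration. A pinned spec with filesystem declared as WRITE produces nothing.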
Resource     | Declared | Inferred | Status      | Evidence
Shell        | WRITE    | WRITE    | ✓ Aligned   | SKILL.md:45 - npm install -g @membranehq/cli
Network      | READ     | READ     | ✓ Aligned   | SKILL.md:55 - membrane request CONNECTION_ID /path/to/endpoint
Filesystem   | NONE     | WRITE    | ✗ Violation | SKILL.md:45 - npm install -g requires global npm directory write access
Environment  | NONE     | NONE     |             | No environment variable access detected
Skill Invoke | NONE     | NONE     |             | No skill invocation patterns found
Clipboard    | NONE     | NONE     |             | No clipboard access detected
Browser      | NONE     | READ     | ✓ Aligned   | SKILL.md:53 - membrane login opens browser for OAuth authentication
Database     | NONE     | NONE     |             | No database access detected
External URLs: 2 findings

🔗 Medium  External URL  https://getmembrane.com  (SKILL.md:7)
🔗 Medium  External URL  https://developer.onetrust.com/  (SKILL.md:19)

File Tree

1 file · 5.8 KB · 194 lines
Markdown: 1 file · 194 lines
└─ 📝 SKILL.md  Markdown  194 lines · 5.8 KB

Dependencies (1 item)

Package         | Version            | Source | Known Vulns | Notes
@membranehq/cli | unpinned (@latest) | npm    | None known  | Supply chain risk: no version pinning, uses @latest tag
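The table records the package as unpinned. What "pinned with checksum verification" means in npm terms is a package-lock.json entry that carries an exact version, an https resolved URL and an integrity field holding the Subresource Integrity sha512 of the tarball; npm ci rejects a tarball that does not match. The following added example (not the page's, the scanner's or Membrane's code) checks a lockfile entry for those properties and recomputes the SRI over tarball bytes. The lockfile, the placeholder version 0.0.0 and the tarball bytes are constructed for the example and are not the real package's.

```python
import base64
import hashlib
import hmac
import json
import re

EXACT_SEMVER = re.compile(r"^\d+\.\d+\.\d+(?:-[0-9A-Za-z.-]+)?(?:\+[0-9A-Za-z.-]+)?$")
STRONG_SRI_ALGOS = ("sha256", "sha384", "sha512")


def sri_sha512(data):
    """Subresource Integrity string in the form npm writes to package-lock.json."""
    return "sha512-" + base64.b64encode(hashlib.sha512(data).digest()).decode("ascii")


# Constructed sample: bytes standing in for the published tarball, and a
# lockfileVersion-3 package-lock.json built around them. The version number
# 0.0.0 and the resolved URL are placeholders, not the real package's.
PKG = "@membranehq/cli"
PLACEHOLDER_VERSION = "0.0.0"
SAMPLE_TARBALL = b"placeholder bytes standing in for cli-0.0.0.tgz\n"
SAMPLE_LOCK = {
    "name": "onetrust-skill-tools",
    "lockfileVersion": 3,
    "packages": {
        "": {"dependencies": {PKG: PLACEHOLDER_VERSION}},
        f"node_modules/{PKG}": {
            "version": PLACEHOLDER_VERSION,
            "resolved": f"https://registry.npmjs.org/{PKG}/-/cli-{PLACEHOLDER_VERSION}.tgz",
            "integrity": sri_sha512(SAMPLE_TARBALL),
        },
    },
}
# The same entry as a weaker lockfile might carry it: plain-http URL, no integrity.
WEAK_LOCK = json.loads(json.dumps(SAMPLE_LOCK))
WEAK_LOCK["packages"][f"node_modules/{PKG}"] = {
    "version": PLACEHOLDER_VERSION,
    "resolved": f"http://registry.npmjs.org/{PKG}/-/cli-{PLACEHOLDER_VERSION}.tgz",
}


def lock_entry(lock, name):
    return lock.get("packages", {}).get(f"node_modules/{name}")


def check_lock_entry(lock, name):
    """Return the reasons the lockfile does not firmly pin `name` (empty list if it does)."""
    entry = lock_entry(lock, name)
    if entry is None:
        return [f"{name}: no lockfile entry; npm ci errors out when package.json and the lock disagree"]
    problems = []
    if not EXACT_SEMVER.match(entry.get("version", "")):
        problems.append(f"{name}: version {entry.get('version')!r} is not an exact semver")
    resolved = entry.get("resolved", "")
    if not resolved.startswith("https://"):
        problems.append(f"{name}: resolved URL is not https ({resolved or 'missing'})")
    integrity = entry.get("integrity", "")
    if not integrity:
        problems.append(f"{name}: no integrity field, so the tarball hash is not pinned")
    elif not any(h.split("-", 1)[0] in STRONG_SRI_ALGOS for h in integrity.split()):
        problems.append(f"{name}: integrity digest {integrity.split('-', 1)[0]} is weaker than sha256")
    return problems


def verify_tarball(lock, name, data):
    """True if `data` matches one of the SRI hashes the lockfile records for `name`."""
    entry = lock_entry(lock, name)
    if entry is None or not entry.get("integrity"):
        return False
    # An integrity field may hold several space-separated "algo-base64" hashes.
    for token in entry["integrity"].split():
        algo, _, expected = token.partition("-")
        if algo not in STRONG_SRI_ALGOS:
            continue
        actual = base64.b64encode(hashlib.new(algo, data).digest()).decode("ascii")
        if hmac.compare_digest(actual, expected):
            return True
    return False


if __name__ == "__main__":
    print("sample lock:", check_lock_entry(SAMPLE_LOCK, PKG) or "pinned")
    print("weak lock:", check_lock_entry(WEAK_LOCK, PKG))
    print("tarball matches:", verify_tarball(SAMPLE_LOCK, PKG, SAMPLE_TARBALL))
```

To check a real release, fetch the tarball with npm pack @membranehq/cli@<version>, read the resulting .tgz bytes, and pass them to verify_tarball against the committed lockfile; a single flipped byte fails the comparison.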

Security Positives

✓ No credential harvesting detected - explicitly states 'never ask the user for API keys'
✓ No base64-encoded commands, eval(), or direct IP network requests
✓ Uses browser-based OAuth (membrane login) rather than asking users to paste API keys
✓ No access to sensitive paths like ~/.ssh, ~/.aws, or .env files
✓ Well-documented with clear usage examples