Scan Report
10 /100
marin-software
Marin Software integration for managing digital advertising campaigns
A legitimate Marin Software integration skill that uses the Membrane CLI; all functionality is declared and no malicious behavior detected.
Safe to install
Approve for use. The skill is well-documented with no hidden functionality.
Findings 2 items
| Severity | Finding | Location |
|---|---|---|
| Info | External URL references | SKILL.md:7 |
| Info | Global npm package installation | SKILL.md:27 |
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Filesystem | NONE | NONE | — | No file operations in skill |
| Network | READ | READ | ✓ Aligned | SKILL.md lines 7,19 - External URLs for docs |
| Shell | WRITE | WRITE | ✓ Aligned | SKILL.md lines 27-28 - npm install -g @membranehq/cli |
| Environment | NONE | NONE | — | No environment variable access detected |
| Skill Invoke | NONE | READ | ✓ Aligned | Uses membrane CLI commands as documented |
2 findings
Medium External URL 外部 URL
https://getmembrane.com SKILL.md:7 Medium External URL 外部 URL
https://developers.marinsoftware.com/ SKILL.md:19 File Tree
1 files · 4.4 KB · 127 lines Markdown 1f · 127L
└─
SKILL.md
Markdown
Security Positives
✓ All shell commands are explicitly declared in SKILL.md
✓ No hidden functionality or undocumented behavior
✓ No credential harvesting - uses Membrane's connection-based auth
✓ No data exfiltration detected
✓ No base64, eval, or obfuscated code
✓ No access to sensitive paths (~/.ssh, ~/.aws, .env)
✓ Single-file skill with transparent documentation
✓ Uses best practices: prefers pre-built Membrane actions over raw API calls