datananas Security Report — Trusted | ClawSafe

0 /100

datananas

Datananas integration for managing sales engagement data, records, and workflow automation

Datananas integration skill is a legitimate sales engagement platform connector using Membrane CLI with all functionality properly documented in SKILL.md.

Skill Namedatananas

Duration20.9s

Enginepi

✓

Safe to install

This skill is safe to use. No security concerns identified. All shell commands, network access, and dependencies are explicitly declared.

Resource	Declared	Inferred	Status	Evidence
Shell	`WRITE`	`WRITE`	✓ Aligned	npm install -g @membranehq/cli; membrane login/connect/action commands
Network	`READ`	`READ`	✓ Aligned	Membrane CLI makes API calls to Datananas platform
Environment	`NONE`	`NONE`	—	No environment variable access; Membrane handles auth server-side

2 findings

🔗

Medium External URL 外部 URL

https://getmembrane.com

SKILL.md:7

🔗

Medium External URL 外部 URL

https://developers.datananas.com/

SKILL.md:19

File Tree

1 files · 4.3 KB · 128 lines

Markdown 1f · 128L

└─ 📝 SKILL.md Markdown 128L · 4.3 KB

Dependencies 1 items

Package	Version	Source	Known Vulns	Notes
`@membranehq/cli`	`latest`	npm	No	Using @latest tag - consider pinning to specific version for reproducibility

Security Positives

✓ All shell commands are explicitly documented in SKILL.md

✓ Uses standard npm install for dependency management

✓ Authentication uses OAuth/browser flow, no local credential storage

✓ Membrane CLI is a documented legitimate tool (membranehq)

✓ No base64 encoding, obfuscation, or suspicious patterns detected

✓ No access to sensitive paths (~/.ssh, ~/.aws, .env)

✓ No data exfiltration or C2 communication patterns

✓ No hidden instructions or prompt injection attempts

✓ Clear separation: skill only orchestrates Membrane CLI, no direct API handling

Scan Report

File Tree

Dependencies 1 items

Security Positives