Scan Report
0 /100
faceup
FaceUp integration for financial planning and forecasting
FaceUp integration skill using Membrane CLI with fully documented shell commands and credential management. No hidden functionality or malicious patterns detected.
Safe to install
No action required. The skill is secure for use.
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Shell | WRITE | WRITE | ✓ Aligned | SKILL.md documents npm install -g @membranehq/cli and membrane CLI commands |
| Network | READ | READ | ✓ Aligned | SKILL.md documents FaceUp API interaction via Membrane proxy |
| Filesystem | NONE | NONE | — | No filesystem operations in skill |
| Environment | NONE | NONE | — | No environment variable access |
2 findings
Medium External URL 外部 URL
https://getmembrane.com SKILL.md:7 Medium External URL 外部 URL
https://api.faceup.com/ SKILL.md:19 File Tree
1 files · 4.3 KB · 124 lines Markdown 1f · 124L
└─
SKILL.md
Markdown
Security Positives
✓ All shell commands explicitly documented in SKILL.md
✓ Credential management delegated to Membrane CLI (no local secret storage)
✓ No sensitive path access (~/.ssh, ~/.aws, .env)
✓ No base64/eval/exfiltration patterns
✓ No hidden instructions or undocumented behavior
✓ Follows best practices: discovers actions before custom API calls
✓ Encourages using pre-built actions over raw API requests