Scan Report
0 /100
pipeline-crm
PipelineCRM integration. Manage data, records, and automate workflows. Use when the user wants to interact with PipelineCRM data.
PipelineCRM integration skill using the Membrane CLI proxy for API access; no executable code, only documentation with legitimate tool usage patterns.
Safe to install
This skill is safe to use. Consider pinning the CLI version in install instructions for reproducibility.
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Filesystem | NONE | NONE | — | SKILL.md only contains documentation; no filesystem operations performed |
| Network | READ | READ | ✓ Aligned | Membrane CLI proxies API requests to PipelineCRM; declared in SKILL.md line 6 |
| Shell | WRITE | WRITE | ✓ Aligned | CLI commands (npm install, membrane login/connect/action run/request) are docume… |
2 findings
Medium External URL 外部 URL
https://getmembrane.com SKILL.md:7 Medium External URL 外部 URL
https://developers.pipelinecrm.com/ SKILL.md:19 File Tree
1 files · 6.7 KB · 258 lines Markdown 1f · 258L
└─
SKILL.md
Markdown
Security Positives
✓ No executable code or scripts — purely documentation
✓ Delegates credential management to Membrane platform (no local secrets)
✓ No sensitive file or path access detected
✓ No obfuscation, base64-encoded payloads, or eval patterns
✓ No data exfiltration or C2 communication patterns
✓ No credential harvesting — explicitly advises against asking for API keys
✓ Membrane acts as a secure proxy intermediary for all API calls
✓ Uses pre-built actions with built-in auth over raw API calls (encouraged in docs)