Scan Report
5 /100
apache-superset
Apache Superset integration using Membrane CLI for data management and automation
This is a legitimate Apache Superset integration skill that documents how to use the Membrane CLI for API interactions. No malicious behavior, credential harvesting, or undeclared functionality detected.
Safe to install
This skill is safe to use. No action required.
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Filesystem | NONE | NONE | — | No filesystem access required or used |
| Network | READ | READ | ✓ Aligned | Network access through Membrane proxy for Superset API calls - documented and ne… |
| Shell | WRITE | WRITE | ✓ Aligned | CLI installation (npm install) and membrane commands - documented and necessary |
| Environment | NONE | NONE | — | No environment variable access |
| Skill Invoke | NONE | NONE | — | No skill-to-skill invocation |
| Clipboard | NONE | NONE | — | No clipboard access |
| Browser | NONE | NONE | — | Browser used for OAuth flow - managed by membrane CLI |
| Database | NONE | NONE | — | Database access only through Superset API via Membrane proxy |
2 findings
Medium External URL 外部 URL
https://getmembrane.com SKILL.md:7 Medium External URL 外部 URL
https://superset.apache.org/docs/ SKILL.md:19 File Tree
1 files · 4.4 KB · 123 lines Markdown 1f · 123L
└─
SKILL.md
Markdown
Security Positives
✓ No script files - purely documentation of CLI commands
✓ Credential management is handled server-side by Membrane (no local secrets)
✓ Uses official npm registry for CLI installation (@membranehq/cli)
✓ Explicitly instructs to never ask users for API keys
✓ No base64 encoding, eval(), or obfuscation detected
✓ No sensitive file/path access (~/.ssh, ~/.aws, .env)
✓ No data exfiltration or C2 communication patterns
✓ Legitimate third-party integration (Apache Superset)