Scan Report
5 /100
mip-fund-accounting
MIP Fund Accounting integration. Manage data, records, and automate workflows.
This is a legitimate MIP Fund Accounting integration skill that uses the documented Membrane CLI for API interactions. No malicious behavior detected.
Safe to install
This skill is safe to use. No security concerns identified. Standard caution applies when installing any third-party npm packages globally.
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Network | READ | READ | ✓ Aligned | SKILL.md:29 - 'Requires network access' |
| Shell | WRITE | WRITE | ✓ Aligned | SKILL.md:35-83 - All shell commands (npm install, membrane CLI) are documented |
| Filesystem | NONE | NONE | — | No filesystem operations in skill - only CLI tool usage |
2 findings
Medium External URL 外部 URL
https://getmembrane.com SKILL.md:7 Medium External URL 外部 URL
https://www.mip.com/resource-center/ SKILL.md:19 File Tree
1 files · 5.0 KB · 149 lines Markdown 1f · 149L
└─
SKILL.md
Markdown
Dependencies 1 items
| Package | Version | Source | Known Vulns | Notes |
|---|---|---|---|---|
@membranehq/cli | latest | npm | No | No version pinning; uses @latest tag |
Security Positives
✓ All shell operations are clearly documented with specific commands
✓ Credential handling is delegated to Membrane CLI with no local secret storage
✓ No hidden functionality or undocumented behavior observed
✓ Skill explicitly warns against asking users for API keys
✓ Uses pre-built actions as recommended approach over raw API calls
✓ No credential harvesting, data exfiltration, or obfuscation detected
✓ No access to sensitive paths (~/.ssh, ~/.aws, .env) observed