confluent Security Report — Low Risk | ClawSafe

15 /100

confluent

Confluent integration using Membrane CLI to manage Kafka topics, clusters, and related resources

Documentation-only Confluent integration skill using the Membrane CLI; no hidden malicious functionality detected, though global npm installation grants elevated permissions.

Skill Nameconfluent

Duration31.7s

Enginepi

✓

Safe to install

Review Membrane CLI's security model before granting shell:WRITE permissions. Consider pinning CLI version and verifying Membrane's credential handling practices.

Findings 2 items

Severity	Finding	Location
Low	Global npm package installation Priv Escalation Skill requires npm install -g which installs packages system-wide, granting elevated permissions beyond typical user-space operations. `npm install -g @membranehq/cli` → Verify the Membrane CLI package integrity and consider using a local installation method if possible.	`SKILL.md:24`
Low	Third-party credential management Sensitive Access Authentication and credential refresh are handled entirely by the Membrane service. No local credential storage or exfiltration is documented, but the delegation introduces third-party risk. `Membrane handles authentication and credentials refresh automatically` → Review Membrane's security practices and privacy policy at https://getmembrane.com	`SKILL.md:32`

Resource	Declared	Inferred	Status	Evidence
Filesystem	`NONE`	`NONE`	—	No file operations found in SKILL.md
Network	`READ`	`READ`	✓ Aligned	External URLs to getmembrane.com and docs.confluent.io declared
Shell	`WRITE`	`WRITE`	✓ Aligned	npm install -g declared in setup instructions

2 findings

🔗

Medium External URL 外部 URL

https://getmembrane.com

SKILL.md:7

🔗

Medium External URL 外部 URL

https://docs.confluent.io/

SKILL.md:19

File Tree

1 files · 6.3 KB · 147 lines

Markdown 1f · 147L

└─ 📝 SKILL.md Markdown 147L · 6.3 KB

Dependencies 1 items

Package	Version	Source	Known Vulns	Notes
`@membranehq/cli`	`latest`	npm	No	Version not pinned in SKILL.md

Security Positives

✓ No code execution beyond documented CLI commands

✓ No credential harvesting or exfiltration

✓ No base64 or obfuscated code patterns

✓ No sensitive file path access (~/.ssh, ~/.aws, .env)

✓ No reverse shell or C2 communication patterns

✓ No hidden HTML comments or steganographic content

✓ Legitimate third-party integration with clear documentation

Scan Report

Findings 2 items

File Tree

Dependencies 1 items

Security Positives