Scan Report
5 /100
gitpod
Gitpod integration for managing data, records, and workflow automation
A legitimate Gitpod integration skill using the official Membrane CLI for workflow automation with no security concerns.
Safe to install
This skill is safe to use. No security issues detected.
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Network | READ | READ | ✓ Aligned | SKILL.md uses membrane CLI to interact with Gitpod API |
| Shell | WRITE | WRITE | ✓ Aligned | SKILL.md requires npm install and membrane CLI commands |
2 findings
Medium External URL 外部 URL
https://getmembrane.com SKILL.md:7 Medium External URL 外部 URL
https://www.gitpod.io/docs/ SKILL.md:19 File Tree
1 files · 4.3 KB · 125 lines Markdown 1f · 125L
└─
SKILL.md
Markdown
Dependencies 1 items
| Package | Version | Source | Known Vulns | Notes |
|---|---|---|---|---|
@membranehq/cli | latest | npm | No | Published npm package, latest version used intentionally for CLI tool |
Security Positives
✓ Single-file skill with transparent documentation
✓ Uses official Membrane CLI (@membranehq/cli) from npm registry
✓ No custom scripts or obfuscated code
✓ No credential harvesting or sensitive data access
✓ No network exfiltration or C2 communication
✓ Clear documentation of all capabilities and actions
✓ Membrane handles authentication server-side with no local secrets
✓ Standard CLI installation pattern for legitimate tool integration