Scan Report
5 /100
directa24
Directa24 payment platform integration for Latin America via Membrane CLI
Directa24 payment integration skill using Membrane CLI - all functionality declared, no hidden behavior, no credential theft or exfiltration detected.
Safe to install
This skill is safe to use. No additional security controls required.
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Shell | WRITE | WRITE | ✓ Aligned | npm install -g @membranehq/cli, membrane commands |
| Network | READ | READ | ✓ Aligned | API interactions through Membrane proxy, browser auth |
| Filesystem | NONE | NONE | — | No file operations declared or observed |
| Environment | NONE | NONE | — | No environment variable access |
| Skill Invoke | NONE | NONE | — | No nested skill invocations |
| Clipboard | NONE | NONE | — | No clipboard access |
| Browser | READ | READ | ✓ Aligned | Browser auth flow for Membrane login |
| Database | NONE | NONE | — | No database operations |
2 findings
Medium External URL 外部 URL
https://getmembrane.com SKILL.md:7 Medium External URL 外部 URL
https://developers.directa24.com/ SKILL.md:19 File Tree
1 files · 4.2 KB · 122 lines Markdown 1f · 122L
└─
SKILL.md
Markdown
Dependencies 1 items
| Package | Version | Source | Known Vulns | Notes |
|---|---|---|---|---|
@membranehq/cli | latest | npm | No | Version pinned to 'latest' during install - consider specifying version for reproducibility |
Security Positives
✓ All functionality clearly documented in SKILL.md
✓ Credential management delegated to Membrane (no local secrets)
✓ No credential harvesting or exfiltration
✓ No base64, obfuscation, or anti-analysis techniques
✓ No sensitive file/path access (no ~/.ssh, ~/.aws, .env)
✓ No reverse shell, C2, or data theft indicators
✓ Standard npm CLI installation pattern
✓ Pre-built actions preferred over raw API calls (security best practice)