Scan Report
5 /100
buildchatbot
BuildChatbot integration. Manage data, records, and automate workflows. Use when the user wants to interact with BuildChatbot data.
Documentation-only skill describing Membrane CLI usage for BuildChatbot integration. No executable code, scripts, or suspicious behavior detected.
Safe to install
No action needed. This is a legitimate documentation skill with no security concerns.
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Filesystem | NONE | NONE | — | N/A - no file operations in skill |
| Network | NONE | NONE | — | N/A - skill only documents CLI usage, no direct network calls |
| Shell | NONE | NONE | — | N/A - skill contains no shell commands |
| Environment | NONE | NONE | — | N/A - no environment variable access |
| Skill Invoke | NONE | NONE | — | N/A - no skill invocation |
| Clipboard | NONE | NONE | — | N/A - no clipboard access |
| Browser | NONE | NONE | — | N/A - no browser automation |
| Database | NONE | NONE | — | N/A - no database access |
2 findings
Medium External URL 外部 URL
https://getmembrane.com SKILL.md:7 Medium External URL 外部 URL
https://www.ibm.com/docs/en/watson-assistant/v1?topic=applications-building-chatbot SKILL.md:19 File Tree
1 files · 4.4 KB · 127 lines Markdown 1f · 127L
└─
SKILL.md
Markdown
Security Positives
✓ Documentation-only skill with no executable code
✓ No sensitive file access patterns (no ~/.ssh, ~/.aws, .env references)
✓ No base64, eval, or obfuscated code patterns
✓ No credential harvesting or exfiltration behavior
✓ Uses legitimate Membrane CLI for authentication (documented OAuth flow)
✓ No hidden functionality - all capabilities are declared in SKILL.md
✓ Best practices documented: prefer built-in actions over raw API calls
✓ No subprocess or shell execution within the skill itself
✓ No IOCs indicating malicious behavior (C2, reverse shells, data theft)