Scan Report
5 /100
samcart
SamCart integration for managing Products, Orders, Customers, Funnels, and Upsells
This is a legitimate SamCart integration skill using the Membrane CLI for e-commerce operations. All capabilities are documented and the credential handling is delegated to a third-party service (Membrane) server-side.
Safe to install
No action required. This skill follows best practices by delegating authentication to a trusted middleware service.
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Shell | READ | READ | ✓ Aligned | SKILL.md:34-35 npm install and membrane CLI commands are documented |
| Network | READ | READ | ✓ Aligned | SKILL.md:19 Official docs reference, membrane proxy requests documented |
| Filesystem | NONE | NONE | — | No file operations declared or observed |
| Environment | NONE | NONE | — | SKILL.md:72 explicitly states 'never ask for API keys' |
2 findings
Medium External URL 外部 URL
https://getmembrane.com SKILL.md:7 Medium External URL 外部 URL
https://developers.samcart.com/ SKILL.md:19 File Tree
1 files · 4.8 KB · 152 lines Markdown 1f · 152L
└─
SKILL.md
Markdown
Security Positives
✓ Credential handling is delegated server-side to Membrane - no local secrets stored
✓ All shell commands (npm install, membrane CLI) are explicitly documented
✓ Skill explicitly instructs to never ask users for API keys or tokens
✓ Uses pre-built actions to avoid raw API calls when possible
✓ Standard OAuth flow for authentication (browser-based)
✓ No sensitive file access, no obfuscation, no hidden functionality
✓ No base64 encoding or suspicious execution patterns