Scan Report
5/100
osticket
OsTicket integration. Manage data, records, and automate workflows.
Documentation-only skill that provides OsTicket integration via the Membrane CLI tool with declared network access and no executable code.
Safe to install
Skill is safe to use. Network access is necessary for OsTicket API integration and credentials are managed server-side by Membrane.
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Filesystem | NONE | NONE | — | No file operations documented or required |
| Network | READ | READ | ✓ Aligned | SKILL.md:40-76 - Proxy requests to OsTicket API via Membrane |
| Shell | WRITE | WRITE | ✓ Aligned | SKILL.md:24-33 - npm install and membrane CLI commands documented |
| Environment | NONE | NONE | — | No environment variable access documented |
| Skill Invoke | NONE | NONE | — | No skill chaining documented |
| Clipboard | NONE | NONE | — | No clipboard access documented |
| Browser | NONE | NONE | — | Browser used only for OAuth login flow (user-initiated) |
| Database | NONE | NONE | — | No direct database access documented |
2 findings
| Severity | Type | URL | Location |
|---|---|---|---|
| Medium | External URL | https://getmembrane.com | SKILL.md:7 |
| Medium | External URL | https://docs.osticket.com/en/latest/ | SKILL.md:19 |
File Tree
1 file · 4.3 KB · 124 lines (Markdown)
└─ SKILL.md
Dependencies 1 items
| Package | Version | Source | Known Vulns | Notes |
|---|---|---|---|---|
| @membranehq/cli | latest | npm | No | Version pinning recommended: @membranehq/[email protected] |
Security Positives
✓ Documentation-only skill with no executable code to analyze
✓ Network access is explicitly declared and necessary for OsTicket API
✓ Credentials managed server-side by Membrane with no local secret storage
✓ Uses official npm package @membranehq/cli with version pinning available
✓ OAuth-based authentication flow keeps credentials out of the skill
✓ No sensitive file paths accessed (~/.ssh, ~/.aws, .env)
✓ No obfuscation, base64 encoding, or suspicious patterns detected
✓ No credential harvesting or data exfiltration behavior
✓ External URLs point to legitimate services (membrane.com, osTicket.com)