Low Risk — Risk Score 10/100
Last scan: 1 day ago
pixiebrix
PixieBrix integration for managing Persons, Organizations, Deals, Leads, Projects, Activities and more via the Membrane CLI.
The skill is a pure documentation file describing a legitimate PixieBrix integration via the Membrane CLI, with no hidden functionality or malicious code — minor documentation gap is the sole concern.
Skill Name: pixiebrix
Duration: 36.3s
Engine: pi
Safe to install
Add an explicit allowed-tools declaration to SKILL.md to map the required shell:WRITE access for npm/membrane CLI commands.

Findings 2 items

Severity: Low
Finding: Missing allowed-tools declaration (Doc Mismatch)
The SKILL.md declares 'network access' in compatibility but does not declare shell:WRITE, despite requiring npm global installs and membrane CLI command execution. This is a minor documentation gap rather than malicious concealment, as the shell usage is fully visible in the documented commands.
compatibility: Requires network access and a valid Membrane account
→ Add an allowed-tools section explicitly listing shell:WRITE for npm/membrane CLI operations.
Location: SKILL.md:1

Severity: Low
Finding: Unrestricted API proxy via membrane request (Data Exfil)
The 'membrane request CONNECTION_ID /path/to/endpoint' feature allows arbitrary HTTP requests to the PixieBrix API through the user's Membrane connection. While documented, this could be abused to make outbound requests appearing to originate from the user's authenticated context. However, this is the intended design of the feature, not hidden behavior.
membrane request CONNECTION_ID /path/to/endpoint
→ This is by design. Consider adding a warning that users should only authorize connections from trusted sources.
Location: SKILL.md:78
| Resource | Declared | Inferred | Status | Evidence |
| --- | --- | --- | --- | --- |
| Filesystem | NONE | NONE | | No filesystem access found; npm -g install writes to system dirs but is standard… |
| Network | READ | READ | ✓ Aligned | SKILL.md explicitly states 'Requires network access'; membrane request proxies A… |
| Shell | NONE | WRITE | ✗ Violation | SKILL.md instructs npm install -g @membranehq/cli and multiple membrane CLI comm… |
| Environment | NONE | NONE | | No direct environment variable access observed |
| credential_theft | NONE | NONE | | SKILL.md explicitly states 'never ask the user for API keys'; credentials manage… |
2 findings
Medium External URL
https://getmembrane.com
SKILL.md:7

Medium External URL
https://docs.pixiebrix.com/
SKILL.md:19

File Tree

1 file · 5.2 KB · 180 lines
Markdown 1f · 180L
└─ 📝 SKILL.md Markdown 180L · 5.2 KB

Security Positives

✓ SKILL.md is a pure documentation file — no hidden code or scripts
✓ All shell commands are explicitly documented with full command syntax
✓ SKILL.md explicitly warns against asking for API keys — credentials managed server-side
✓ No credential harvesting, no environment variable iteration, no base64 or obfuscated payloads
✓ No remote script execution (curl|bash, wget|sh) detected
✓ No sensitive path access (~/.ssh, ~/.aws, .env) observed
✓ External URLs point to legitimate domains (getmembrane.com, docs.pixiebrix.com)
✓ The membrane request proxy feature is clearly documented, not hidden