Scan Report
0 /100
nudgify
Nudgify integration for social proof and notification management
This is a pure documentation skill with no executable code. It describes using the Membrane CLI to interact with Nudgify's API through declared, documented commands.
Safe to install
This skill is safe to use. No action required.
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Network | READ | READ | ✓ Aligned | SKILL.md lines 5,37 - Membrane API access for Nudgify operations |
| Shell | WRITE | WRITE | ✓ Aligned | SKILL.md lines 31,36 - npm install and membrane CLI commands |
| Filesystem | NONE | NONE | — | No file operations mentioned in SKILL.md |
| Environment | NONE | NONE | — | No environment access mentioned; credentials handled by Membrane server-side |
| Clipboard | NONE | NONE | — | No clipboard access in SKILL.md |
| Browser | NONE | NONE | — | Browser used only for OAuth flow via Membrane (user-initiated login) |
| Database | NONE | NONE | — | No database access in SKILL.md |
| Skill Invoke | NONE | NONE | — | No nested skill invocation in SKILL.md |
2 findings
Medium External URL 外部 URL
https://getmembrane.com SKILL.md:7 Medium External URL 外部 URL
https://nudgify.com/helpdesk/ SKILL.md:19 File Tree
1 files · 4.3 KB · 123 lines Markdown 1f · 123L
└─
SKILL.md
Markdown
Security Positives
✓ Pure documentation skill with no executable code
✓ All capabilities properly declared in SKILL.md
✓ Credential management handled server-side by Membrane (no local secret storage)
✓ Uses legitimate, established npm package (@membranehq/cli)
✓ No credential harvesting, data exfiltration, or obfuscation observed
✓ No sensitive file access, no base64, no eval, no suspicious patterns
✓ OAuth flow via Membrane is a standard, secure pattern