中文 EN

Scan Report

Scan New Files

Low Risk — Risk Score 20/100
Last scan:1 day ago Rescan
20 /100
outgrow
Outgrow integration for managing data, records, and workflow automation via the Membrane CLI
A legitimate Outgrow integration skill using the Membrane CLI; no malicious behavior found, but documentation does not declare the required shell/Bash permissions.
Skill Nameoutgrow
Duration44.3s
Enginepi
Safe to install
Add a declared permissions section to SKILL.md listing Bash→shell:WRITE and clarify that CLI tools are invoked through shell. Pin the npm package version with @membranehq/[email protected] instead of @latest.

Findings 2 items

Severity Finding Location
Low
Shell execution not declared in allowed-tools Doc Mismatch
SKILL.md describes multiple Bash CLI invocations (npm install, membrane login, membrane action run, membrane request) but the declared allowed-tools mapping does not list Bash/shell:WRITE. This is a documentation gap that should be corrected for transparency.
npm install -g @membranehq/cli
→ Add 'Bash → shell:WRITE' to the skill's declared permissions
 SKILL.md:35
Low
Unpinned npm package version Supply Chain
The CLI installation uses @latest instead of a pinned version, allowing the dependency to change silently over time.
npm install -g @membranehq/cli
→ Pin to a specific version range, e.g., npm install -g @membranehq/cli@^1.0.0
 SKILL.md:35
ResourceDeclaredInferredStatusEvidence
Filesystem NONE NONE No filesystem access detected
Network READ READ ✓ Aligned External URLs to getmembrane.com and developers.outgrow.co are declared in docs
Shell NONE WRITE ✗ Violation SKILL.md instructs: npm install -g @membranehq/cli, membrane login --tenant, mem…
2 findings
🔗
Medium External URL 外部 URL
https://getmembrane.com
SKILL.md:7
🔗
Medium External URL 外部 URL
https://developers.outgrow.co/
SKILL.md:19

File Tree

1 files · 4.3 KB · 126 lines
Markdown 1f · 126L
└─ 📝 SKILL.md Markdown 126L · 4.3 KB

Dependencies 1 items

PackageVersionSourceKnown VulnsNotes
@membranehq/cli latest (unpinned) npm No No version pinned — supply chain drift possible

Security Positives

✓ No credential harvesting or environment variable exfiltration observed
✓ No base64, eval, or obfuscated code patterns present
✓ No hidden HTML comments or shadow instructions
✓ No direct IP network requests — all network calls route through the Membrane CLI proxy
✓ No access to sensitive paths such as ~/.ssh, ~/.aws, or .env
✓ No reverse shell, C2, or persistence mechanisms
✓ Skill describes a legitimate, documented integration pattern
✓ Membrane's proxy request is scoped to authenticated connections, limiting abuse surface