Scan Report
15 /100
docsgenflow
DocsGenFlow integration. Manage Documents, Users, Workspaces. Use when the user wants to interact with DocsGenFlow data.
This is a legitimate DocsGenFlow integration skill that uses the official Membrane CLI for authentication and API interactions. No malicious behavior, hidden functionality, or credential harvesting detected.
Safe to install
The skill is safe to use. No action required beyond standard operational security practices.
Findings 1 items
| Severity | Finding | Location |
|---|---|---|
| Low | Unpinned npm dependency Supply Chain | SKILL.md:35 |
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Network | READ | READ | ✓ Aligned | SKILL.md:35-67 - membrane request commands interact with external API |
| Shell | WRITE | WRITE | ✓ Aligned | SKILL.md:31 - npm install, membrane CLI commands |
| Filesystem | NONE | NONE | — | No file operations in skill |
| Environment | NONE | NONE | — | No direct environment access; delegated to Membrane CLI |
2 findings
Medium External URL 外部 URL
https://getmembrane.com SKILL.md:7 Medium External URL 外部 URL
https://docsgen.flowiseai.com/ SKILL.md:19 File Tree
1 files · 4.7 KB · 128 lines Markdown 1f · 128L
└─
SKILL.md
Markdown
Dependencies 1 items
| Package | Version | Source | Known Vulns | Notes |
|---|---|---|---|---|
@membranehq/cli | * | npm | No | Version not pinned; installed globally via npm |
Security Positives
✓ Delegates authentication to Membrane CLI rather than handling credentials directly - reduces local credential exposure
✓ Well-documented with clear usage examples for all operations
✓ Uses official Membrane CLI (@membranehq/cli) - a legitimate, established tool
✓ No credential harvesting or sensitive data access detected
✓ No obfuscation, base64-encoded payloads, or anti-analysis techniques
✓ No hidden functionality or doc-to-code mismatch - what you see is what you get
✓ No network calls to suspicious IPs or data exfiltration channels