Scan Report
5 /100
resci-retention-science
Retention Science integration for e-commerce customer retention and churn reduction
Documentation-only skill with no executable code; describes legitimate use of the Membrane CLI for interacting with Retention Science API.
Safe to install
No action needed. This skill is safe to use as it only contains documentation for using a legitimate third-party CLI tool.
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Network | READ | READ | ✓ Aligned | SKILL.md documents API requests through Membrane proxy |
| Shell | WRITE | WRITE | ✓ Aligned | SKILL.md line 25: npm install -g @membranehq/cli |
| Filesystem | NONE | NONE | — | No file operations described |
| Environment | NONE | NONE | — | No environment variable access |
| credential_theft | NONE | NONE | — | SKILL.md line 63: explicitly states 'never ask the user for API keys' |
2 findings
Medium External URL 外部 URL
https://getmembrane.com SKILL.md:7 Medium External URL 外部 URL
https://support.retentionscience.com/ SKILL.md:19 File Tree
1 files · 4.3 KB · 122 lines Markdown 1f · 122L
└─
SKILL.md
Markdown
Security Positives
✓ Skill contains only documentation, no executable code
✓ All shell commands are explicitly documented (npm install, membrane CLI)
✓ Credentials handled server-side by Membrane with no local secrets
✓ No obfuscation or base64-encoded content
✓ No access to sensitive paths (~/.ssh, ~/.aws, .env)
✓ No credential harvesting or data exfiltration
✓ External URLs point to legitimate service providers (Membrane, Retention Science)
✓ Clear documentation of required permissions and behaviors