Scan Report
0 /100
toolset
Toolset integration for WordPress website management via Membrane CLI
This skill is a pure documentation file describing legitimate WordPress Toolset integration via the Membrane CLI with no hidden functionality, credential harvesting, or suspicious network patterns.
Safe to install
This skill is safe to use. No action required.
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Network | READ | READ | ✓ Aligned | Metadata declares 'Requires network access'; all API calls go through membrane C… |
| Shell | WRITE | WRITE | ✓ Aligned | SKILL.md lines 22-23: documents npm install -g @membranehq/cli |
| Filesystem | NONE | NONE | — | No file operations in the skill |
| Environment | NONE | NONE | — | No environment variable access; credentials managed by Membrane server-side |
| Skill Invoke | NONE | NONE | — | No cross-skill invocation |
| Clipboard | NONE | NONE | — | No clipboard operations |
| Browser | NONE | NONE | — | No direct browser control; uses Membrane's OAuth flow |
| Database | NONE | NONE | — | No direct database access; interacts via Toolset API |
2 findings
Medium External URL 外部 URL
https://getmembrane.com SKILL.md:7 Medium External URL 外部 URL
https://toolset.com/documentation/ SKILL.md:19 File Tree
1 files · 4.2 KB · 122 lines Markdown 1f · 122L
└─
SKILL.md
Markdown
Security Positives
✓ All shell commands explicitly documented in SKILL.md
✓ Credential management delegated to Membrane's secure server-side system
✓ No credential harvesting or exfiltration patterns detected
✓ No base64, eval, or obfuscated code found
✓ No suspicious network connections to external IPs
✓ No access to sensitive paths (~/.ssh, ~/.aws, .env)
✓ No remote script execution (curl|bash, wget|sh)
✓ Uses legitimate, documented CLI tool (membranehq/cli)
✓ Skill purpose and capabilities fully aligned with documentation